Russia’s Cozy Bear caught phishing German politicos with phony dinner invites

March 23, 2024 at 03:58AM

Russian cyberspies targeted German political parties with phishing emails disguised as dinner invitations. The emails led recipients to a backdoor, WINELOADER, intended to infect targets' PCs and give the attackers long-term access to networks and data. The espionage group, linked to the Russian Foreign Intelligence Service, has expanded its targets and techniques and has even lurked in Microsoft's networks.

The Kremlin's cyberspies, known as Cozy Bear, ran a sophisticated phishing campaign against German political parties. The campaign used emails disguised as dinner party invitations that posed as coming from the Christian Democratic Union (CDU); recipients were lured into clicking a link to a hijacked website, which downloaded a .zip file containing the WINELOADER backdoor.

The WINELOADER backdoor gives the attackers remote control of infected PCs, letting Cozy Bear carry out a range of malicious activities, including running commands and snooping on user applications. The same backdoor had been used in earlier phishing campaigns against diplomatic entities in Europe, India, and Peru.

The CDU, the targeted party, was promptly informed of the attack and confirmed that no official dinner was scheduled for the specified date.

Cozy Bear has also been reported to have accessed Microsoft's networks, stealing source code and reaching internal systems, a sign of its continuing cyber-espionage activity.

Taken together, the reporting highlights the evolving and sophisticated nature of Cozy Bear's operations, its customization of malicious software, and its expanding set of targets and techniques, raising concerns about future espionage against Western political parties and related entities.
