March 22, 2024 at 03:33PM
Researchers warn that a Russian intelligence-linked hacking group, APT29, has shifted focus to target political parties in Germany, using phishing to deploy the WineLoader backdoor malware. This marks a significant change for the group, previously known for targeting governments and embassies. The shift suggests an intention to influence or monitor political processes.
Key takeaways from the meeting notes:
– APT29, a Russian hacking group associated with Russia’s Foreign Intelligence Service (SVR), has shifted its focus to target political parties in Germany, moving away from targeting diplomatic missions.
– The group uses phishing attacks to deploy a backdoor malware called WineLoader, which allows them to gain remote access to compromised devices and networks.
– APT29 has been linked to various cyberattacks, including the SolarWinds supply chain attack in December 2020.
– The group has recently targeted German political parties by sending phishing emails themed around the Christian Democratic Union (CDU) and embedding a link to a ZIP archive containing the ‘Rootsaw’ malware dropper.
– This marks the first time APT29 has targeted political parties, indicating a significant shift in their operational focus.
– WineLoader, the backdoor malware, is modular and more customized than previous variants; it establishes encrypted communication with a command and control (C2) server and evades detection by being loaded directly into memory via DLL side-loading.
– The shift to targeting political parties suggests an intent to influence or monitor political processes, reflecting broader geopolitical objectives.