Russia-linked hackers targeting European diplomats with invites to bogus wine tasting events

close Video

Fox News Flash top headlines for April 15

Fox News Flash top headlines are here. Check out what’s clicking on Foxnews.com.

A Russia-linked hacking group unleashed a new “advanced phishing campaign” targeting European diplomats with invites to fake wine tasting events, according to a report. 

Check Point Research said the APT29 group is trying to “impersonate a major European Ministry of Foreign Affairs to send out invitations to wine tasting events, prompting targets to click a web link leading to the deployment of a new backdoor [malware] called GRAPELOADER.”  

“This campaign appears to be focused on targeting European diplomatic entities, including non-European countries’ embassies located in Europe,” the cybersecurity firm said in an advisory, noting that the emails with malicious links included subject lines such as “Wine tasting event (update date),” “For Ambassador’s Calendar” and “Diplomatic dinner.” 

The U.S. Cybersecurity and Infrastructure Security Agency said last year that APT29, which also goes by the names of Midnight Blizzard, the Dukes, or Cozy Bear, is “a cyber espionage group, almost certainly part of the SVR, an element of the Russian intelligence services.” 

WINDOWS 10 SECURITY FLAWS LEAVE MILLIONS VULNERABLE 

A new phishing campaign is targeting European diplomats with invites to fake wine tasting events, a cybersecurity firm said. (Thierry Monasse/Getty Images)

Check Point Research said Tuesday that APT29 is “known for targeting high-profile organizations, including government agencies and think tanks” and that “their operations vary from targeted phishing campaigns to high-profile supply chain attacks that utilize a large array of both custom and commercial malware.” 

“Throughout the [new] campaign, the targets include multiple European countries with a specific focus on Ministries of Foreign Affairs, as well as other countries’ embassies in Europe. In addition to the emails we’ve identified, we found indications of limited targeting outside of Europe, including of diplomats based in the Middle East,” it also said. 

Check Point Research said the phishing attacks started in January of this year. 

CHINESE OFFICIALS CLAIMED BEHIND CLOSED DOORS THAT THEIR GOVERNMENT PLAYED ROLE IN US CYBERATTACKS: REPORT 

Check Point Research said the APT29 group is trying to “impersonate a major European foreign affairs ministry to distribute fake invitations to diplomatic events – most commonly, wine tasting events.” (Justin Sullivan/Getty Images)

“In cases where the initial attempt was unsuccessful, additional waves of emails were sent to increase the likelihood of getting the victim to click the link and compromise his machine,” it added. 

“The server hosting the link is believed to be highly protected against scanning and automated analysis solutions, with the malicious download triggered only under certain conditions, such as specific times or geographic locations. When accessed directly, the link redirects to the official website of the impersonated Ministry of Foreign Affairs,” the firm continued. 

The malacious emails had subject lines including “Wine Event,” according to Check Point Research. (iStock)

CLICK HERE TO GET THE FOX NEWS APP 

It is unclear if any of the phishing attacks were successful. 

Greg Norman is a reporter at Fox News Digital.