Cyber-espionage on a political scale: APT29's phishing attack on Europe

European cybersecurity is on alert following the revelation of a new phishing campaign led by the Russian hacker group APT29, also known as Midnight Blizzard or Cozy Bear. This group, linked to the Kremlin's intelligence services, has launched a sophisticated attack against one of Germany's main political parties, the Christian Democratic Union (CDU), and there are fears that the campaign will spread to other European countries.

Security company Mandiant has reported that the hackers used a fake invitation to a party dinner to trick their victims into installing malware on their systems. This phishing method is not new to APT29, who were previously accused of trying to steal coronavirus vaccine research in 2020.

The recent attack was detected at the end of February and is characterized by the use of an email bearing the CDU logo to quickly gain the trust of victims. The phishing link included in the document leads to a malicious ZIP file containing a ROOTSAW dropper, hosted on a website controlled by the attackers.
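The delivery chain described above (a lure email whose link leads to a ZIP archive on an attacker-controlled host) is something mail-gateway or SOC tooling can flag with a simple heuristic. The following is an added defender-side example written for this page, not code from Mandiant or from the report: it extracts links from an email body and flags those that point to an archive file on a domain the organisation does not control. The email body, the trusted-domain list and the attacker domain are constructed placeholders; the report only mentions ZIP, and the extension list here generalises slightly to other archive types commonly used as droppers.

```python
import re
from urllib.parse import urlparse

# Constructed sample email body in the shape the report describes:
# an invitation lure linking to a ZIP archive on an external host.
# The domain and file name are placeholders, not indicators from the report.
SAMPLE_EMAIL_BODY = """
Dear colleague, you are invited to the party dinner on 1 March.
Please download your invitation here:
https://invite.example-attacker.test/files/Einladung.zip.
The agenda is available at https://www.cdu.example/agenda (internal link).
"""

# Domains the organisation treats as its own (assumed for this example).
TRUSTED_DOMAINS = {"cdu.example", "www.cdu.example"}

# Archive types commonly used to deliver droppers. The report names ZIP;
# the others are a generalisation, not something the report states.
ARCHIVE_EXTENSIONS = (".zip", ".iso", ".img", ".7z", ".rar")

URL_RE = re.compile(r"https?://[^\s<>\"')]+")


def extract_urls(body: str) -> list[str]:
    """Return every http(s) URL in the body, with trailing punctuation removed."""
    return [u.rstrip(".,;:") for u in URL_RE.findall(body)]


def is_suspicious_link(url: str) -> bool:
    """True when the link points to an archive on a host we do not control."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    path = parsed.path.lower()
    external = host not in TRUSTED_DOMAINS
    points_to_archive = path.endswith(ARCHIVE_EXTENSIONS)
    return external and points_to_archive


def flag_archive_links(body: str) -> list[str]:
    """Links in the body that match the lure-to-archive delivery pattern."""
    return [u for u in extract_urls(body) if is_suspicious_link(u)]


if __name__ == "__main__":
    for link in flag_archive_links(SAMPLE_EMAIL_BODY):
        print("suspicious archive link:", link)
```

A hit from this check is a triage signal, not a verdict: the sensible follow-up is to detonate or inspect the archive in a sandbox and to correlate the sending domain with other mail in the same time window, since a campaign of this kind typically targets several recipients in one organisation.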

ROOTSAW is known to be the central component in APT29's initial access attempts, with the goal of gathering political intelligence. In addition, the use of another malicious software called WINELOADER has been observed, which was used in operations against diplomatic organizations in several countries.

Mandiant warns that this activity represents a significant threat to European and Western political parties, and stresses the importance of being vigilant to changes in political dynamics that may be of interest to Moscow, especially in relation to Ukraine and other areas of political tension.

This report highlights the need to strengthen cybersecurity measures and international cooperation to counter emerging threats in the digital sphere.