Tag: diplomats

2 Attack Reports | 0 Vulnerabilities

Attack reports

WINELOADER Analysis

APT29, also known as Cozy Bear, has targeted European diplomats using a sophisticated multi-stage attack chain involving a new modular backdoor called WINELOADER. The attack begins with a fake PDF invitation to a wine-tasting event, which leads to the download of a malicious HTA file. This file the…
backdoor
wineloader
evasion
modular
diplomats
dll side-loading
apt29
cozy bear
2024-11-07
dll hollowing
Published: November 7, 2024
Downloadable IOCs: 0

Fighting Ursa Luring Targets With Car for Sale

This analysis examines a campaign attributed to the Russian threat actor Fighting Ursa, also known as APT28, Fancy Bear, and Sofacy. The group utilized a phishing lure disguised as an advertisement for a car sale to distribute the HeadLace backdoor malware, likely targeting diplomats. The lure expl…
malware
backdoor
espionage
phishing
russia
headlace
2024-08-05
diplomats
Published: August 5, 2024
Linked vulnerabilities : CVE-2024-3400
Downloadable IOCs: 6
Click here to see more Attack Reports