"Russian APT29 Hackers Caught Targeting German Political Parties"

Security researchers at Mandiant recently discovered that Russia’s APT29 hacking group is targeting political parties in Germany, indicating a possible new operational focus beyond typical attacks on diplomatic figures. According to the researchers, hackers linked to Russia’s foreign intelligence service (SVR) have expanded their target base to hit German political parties in a multi-stage malware attack that includes phishing lures and a new backdoor called Wineloader. The researchers noted that they observed phishing emails sent to victims that purported to be an invitation to a dinner reception in early March and bore a logo from the Christian Democratic Union (CDU), a major political party in Germany. The German-language lure document contained a phishing link directing victims to a malicious ZIP file containing a malware dropper called Rootsaw, hosted on a hacked website controlled by the attackers. The researchers noted that the dropper would be used to install Wineloader, a known backdoor that was first seen in a malware operation targeting diplomatic entities in Czechia, Germany, India, Italy, Latvia, and Peru.
 

SecurityWeek reports: "Russian APT29 Hackers Caught Targeting German Political Parties"

Submitted by Adam Ekwall on