"Russian Hackers Linked to Widespread Attacks Targeting NATO and EU"

Poland's Military Counterintelligence Service and Computer Emergency Response Team have linked APT29 state-sponsored hackers, who are part of the Russian government's Foreign Intelligence Service (SVR), to attacks against NATO and European Union countries. The cyber espionage group, also known as Cozy Bear and Nobelium, sought to steal information from diplomatic entities and foreign ministries as part of this campaign. The attackers targeted diplomatic personnel with spear phishing emails that impersonated embassies of European nations and contained links to malicious websites or attachments designed to launch malware via ISO, IMG, and ZIP files. APT29-controlled websites infected victims with the EnvyScout dropper via HTML smuggling, which helped deploy downloaders referred to as SNOWYAMBER and QUARTERRIG. The downloaders are designed to deliver additional malware and a Cobalt Strike Beacon stager named HALFRIG. APT29 is the hacking division of the SVR that was linked to the SolarWinds supply-chain attack that compromised multiple US federal agencies three years ago. This article continues to discuss APT29 state-sponsored hackers being linked to attacks targeting NATO and European Union countries.

Bleeping Computer reports "Russian Hackers Linked to Widespread Attacks Targeting NATO and EU"

Submitted by Anonymous on