Date: 2025-04-16

The “Cozy Bear” hacker group, which is linked to Russian intelligence services, has been attacking European diplomats in recent months — hackers sent out email invitations to fake wine tastings from European foreign ministries.

Politico writes about this, citing research by cybersecurity company Check Point.

The emails contained malware that threatened the victims’ security and were sent with the subject lines “Wine Testing Event” and “Diplomatic Dinner”.

Foreign ministries and embassies of non-EU countries located in Europe have received such messages, and there are indications that diplomats in the Middle East have also been targeted.

Diplomats who opened email attachments downloaded malware. Check Point has not determined whether the hacking attempts were successful.

Check Point has been tracking this campaign since January. The company’s researcher Serhiy Shykevych declined to say which foreign ministry the hackers impersonated, saying only that it was “one of the largest” in the European Union.

Two European diplomats told Politico that they regularly receive warnings about phishing attempts, but had not received any warnings about this campaign.

“Cozy Bear” is one of the most notorious Russian hacking groups. It is suspected of carrying out large-scale cyberattacks, including the hacking of the Democratic National Committee of the United States before the 2016 election, as well as the recent hack of SolarWinds, which has been called one of the largest cyberattacks in history. According to Western intelligence agencies, “Cozy Bear” (also known as APT29 or “Midnight Blizzard”) is associated with the Russian Foreign Intelligence Service.

