APT29 Hackers Employ GRAPELOADER in New Attack Against European Diplomats

A sophisticated phishing campaign by the Russian-linked threat group APT29 has been actively targeting European diplomatic entities since January 2025, according to a recent security report. The campaign, believed to be a continuation of previous operations that used the WINELOADER backdoor, now employs a new malware loader called GRAPELOADER as its initial infection vector. Check Point researchers identified the campaign through continuous monitoring of APT29 activities, noting the significant similarities between this operation and previous campaigns attributed to the threat actor, also known as Midnight Blizzard or Cozy Bear.

The attackers, impersonating a major European Ministry of Foreign Affairs, send phishing emails containing invitations to diplomatic events, primarily wine tasting gatherings. These emails include malicious links that, when clicked, download an archive (wine.zip) containing the GRAPELOADER malware. The infection chain leverages DLL side-loading to execute the malicious code while evading detection by security solutions.

GRAPELOADER serves as an initial-stage tool designed for fingerprinting infected environments, establishing persistence, and retrieving next-stage payloads, likely the improved WINELOADER variant also discovered during the investigation.

The malware's evasion techniques include an elaborate approach to string obfuscation that effectively defeats common analysis tools. Each string is processed by three unique functions tailored to that specific string: one retrieves the encrypted byte blob, another decrypts it, and a third immediately zeroes out the memory after use. GRAPELOADER also implements runtime API resolving and DLL unhooking to bypass security monitoring. When executing shellcode, it temporarily marks the memory region as non-accessible during security scans and only then makes it executable for malicious code execution.
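The memory-protection trick described above leaves a footprint that endpoint telemetry can catch: the same region is flipped to PAGE_NOACCESS and shortly afterwards back to an executable protection. The following detection heuristic is an added example written for this page, not Check Point's detection logic or any product's rule. It assumes a hypothetical event stream of VirtualProtect-style protection changes (timestamp, pid, region base, old and new protection) and runs over a constructed sample; field names and the sample events are assumptions, not observed data.

```python
"""Heuristic detection of "NOACCESS then executable" memory masking.

Input is a list of protection-change events in a hypothetical telemetry
format (constructed for this example). A region that is set to
PAGE_NOACCESS and then made executable within a short window is flagged;
a one-off RW -> RX transition (JIT-style) and a NOACCESS guard page that is
later released to RW are deliberately not flagged.
"""
from collections import defaultdict
from dataclasses import dataclass

# Windows memory protection constants (subset)
PAGE_NOACCESS = 0x01
PAGE_READWRITE = 0x04
PAGE_EXECUTE_READ = 0x20
PAGE_EXECUTE_READWRITE = 0x40
EXEC_MASK = 0x10 | 0x20 | 0x40 | 0x80  # any PAGE_EXECUTE* flag


@dataclass(frozen=True)
class ProtectEvent:
    ts: float   # seconds since trace start
    pid: int
    base: int   # region base address
    old: int    # previous protection constant
    new: int    # newly requested protection constant


def is_executable(prot: int) -> bool:
    return bool(prot & EXEC_MASK)


def find_masked_regions(events, window=30.0):
    """Return (pid, base, t_noaccess, t_exec) for every NOACCESS -> executable
    cycle on the same region that completes within `window` seconds."""
    by_region = defaultdict(list)
    for e in sorted(events, key=lambda e: e.ts):
        by_region[(e.pid, e.base)].append(e)

    hits = []
    for (pid, base), seq in by_region.items():
        last_noaccess = None
        for e in seq:
            if e.new == PAGE_NOACCESS:
                last_noaccess = e.ts
            elif is_executable(e.new) and last_noaccess is not None \
                    and e.ts - last_noaccess <= window:
                hits.append((pid, base, last_noaccess, e.ts))
                last_noaccess = None  # one hit per cycle
            else:
                last_noaccess = None  # released to non-exec; not a mask cycle
    return hits


def summarize(events, window=30.0):
    """Count mask cycles per process; repeated cycles are the strongest signal."""
    counts = defaultdict(int)
    for pid, _base, _t0, _t1 in find_masked_regions(events, window):
        counts[pid] += 1
    return dict(counts)


# Constructed sample trace (not real telemetry)
SAMPLE_EVENTS = [
    # benign: one-off RW -> RX, as a JIT would do
    ProtectEvent(1.0, 4242, 0x1A0000, PAGE_READWRITE, PAGE_EXECUTE_READ),
    # suspicious: RX -> NOACCESS -> RX, twice, on the same region
    ProtectEvent(2.0, 5150, 0x2B0000, PAGE_EXECUTE_READ, PAGE_NOACCESS),
    ProtectEvent(2.5, 5150, 0x2B0000, PAGE_NOACCESS, PAGE_EXECUTE_READ),
    ProtectEvent(10.0, 5150, 0x2B0000, PAGE_EXECUTE_READ, PAGE_NOACCESS),
    ProtectEvent(10.4, 5150, 0x2B0000, PAGE_NOACCESS, PAGE_EXECUTE_READ),
    # benign: guard page set to NOACCESS, later released to RW only
    ProtectEvent(3.0, 7777, 0x3C0000, PAGE_READWRITE, PAGE_NOACCESS),
    ProtectEvent(4.0, 7777, 0x3C0000, PAGE_NOACCESS, PAGE_READWRITE),
]

if __name__ == "__main__":
    for pid, base, t0, t1 in find_masked_regions(SAMPLE_EVENTS):
        print(f"pid {pid}: region {base:#x} NOACCESS at {t0}s, executable at {t1}s")
    print("cycles per pid:", summarize(SAMPLE_EVENTS))
```

The window and the "same region" join are the tunable parts: a loader that masks its shellcode while a scanner runs will typically cycle the same region repeatedly, so alerting on a count of cycles per process rather than on a single transition keeps JIT and guard-page noise out of the queue.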

This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 16 Apr 2025 14:15:14 +0000
