European Diplomats Targeted With Phony Invitations to a Wine-Tasting Party



Wine-Themed Phishing AttacksResearchers at Zscaler observed a cyberespionage campaign that targeted European diplomats with malicious PDFs disguised as invitations to a wine-tasting party hosted by the Ambassador of India.

“Zscaler's ThreatLabz discovered a suspicious PDF file uploaded to VirusTotal from Latvia on January 30th, 2024,” the researchers write.

“This PDF file is masqueraded as an invitation letter from the Ambassador of India, inviting diplomats to a wine-tasting event in February 2024. The PDF also included a link to a fake questionnaire that redirects users to a malicious ZIP archive hosted on a compromised site, initiating the infection chain. Further threat hunting led us to the discovery of another similar PDF file uploaded to VirusTotal from Latvia in July 2023.”

The PDF files asks recipients to fill out a questionnaire in order to receive an invitation to the event. If the user clicks on the link to the phony questionnaire, they’ll be taken to a website that will install a malicious HTA file.

“The contents are well-crafted to impersonate the Ambassador of India,” the researchers write. “The invitation contains a link to a fake questionnaire, which kickstarts the infection chain. The malicious link in the PDF invitation redirects users to a compromised site, hxxps://seeceafcleaners[.]co[.]uk/wine.php, that proceeds to download a ZIP archive containing an HTA file - wine.hta.”

Zscaler believes a state-sponsored threat actor is behind the campaign and is targeting specific individuals.

“We believe that a nation-state threat actor, interested in exploiting the geopolitical relations between India and diplomats in European nations, carried out this attack,” the researchers write. “The attack is characterized by its very low volume and the advanced tactics, techniques, and procedures (TTPs) employed in the malware and command and control (C2) infrastructure. While we have not yet attributed this attack to any known APT group, we have named this threat actor SPIKEDWINE based on the wine-related theme and filenames used in different stages of the attack chain, and our investigation into the case is ongoing.”

New-school security awareness training can give your organization an essential layer of defense against social engineering attacks. KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Zscaler has the story.


Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

PST ResultsHere's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://www.knowbe4.com/phishing-security-test-offer



Subscribe to Our Blog


Comprehensive Anti-Phishing Guide




Get the latest about social engineering

Subscribe to CyberheistNews