Russian Federation-backed threat group APT29 Now Targeting German Political Parties

Russian Federation-based Threat Group

New analysis of APT29’s (aka Cozy Bear) activities and their association with Russia’s Foreign Intelligence Service (SVR) has revealed suspected attempts to collect political intelligence.


Last month, security researchers at Mandiant identified an attack targeting German political parties using a new backdoor malware dubbed WINELOADER.

In a just-released analysis of the attacks, Mandian analysts noted some changes in the execution methods of APT29 that go back to 2021.

First is the use of German-language content — a possible sign of the use of generative AI to create content native to the targeted victims. Under the guise of an invitation a dinner reception while impersonating the Christian Democratic Union political party, the phishing email linked to a dropper hosted on a compromised  website.

The second change in execution is the target. Historically, APT29 has been responsible for attacks like the SolarWinds attack in 2020. According to Mandiant, the threat group was seen targeting political targets in Czechia, Germany, India, Italy, Latvia, and Peru — indicating a shift to likely aiding SVR with the collection of political intelligence.

The good news is their email is horrible — take a look.


Source: Mandiant

So, only those that simply aren’t paying attention will fall for it.  But that’s just it most of your employees aren’t paying attention; they’re busy doing their real job. To get them to truly spot a potential phishing-based threat and avoid becoming a victim takes continual reinforcement through new-school security awareness training that establishes a sense of vigilance within the employee so being suspicious of such an email as the one above becomes second nature.

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Request A Demo: Security Awareness Training

products-KB4SAT6-2-1New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn't a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your one-on-one demo of KnowBe4's security awareness training and simulated phishing platform and see how easy it can be!

Request a Demo!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Subscribe to Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews