Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    Russian Federation-backed threat group APT29 Now Targeting German Political Parties

    Russian Federation-based Threat Group

    New analysis of APT29’s (aka Cozy Bear) activities and their association with Russia’s Foreign Intelligence Service (SVR) has revealed suspected attempts to collect political intelligence.

     

    Last month, security researchers at Mandiant identified an attack targeting German political parties using a new backdoor malware dubbed WINELOADER.

    In a just-released analysis of the attacks, Mandian analysts noted some changes in the execution methods of APT29 that go back to 2021.

    First is the use of German-language content — a possible sign of the use of generative AI to create content native to the targeted victims. Under the guise of an invitation a dinner reception while impersonating the Christian Democratic Union political party, the phishing email linked to a dropper hosted on a compromised  website.

    The second change in execution is the target. Historically, APT29 has been responsible for attacks like the SolarWinds attack in 2020. According to Mandiant, the threat group was seen targeting political targets in Czechia, Germany, India, Italy, Latvia, and Peru — indicating a shift to likely aiding SVR with the collection of political intelligence.

    The good news is their email is horrible — take a look.

    apt29-wineloader-fig1

    Source: Mandiant

    So, only those that simply aren’t paying attention will fall for it.  But that’s just it most of your employees aren’t paying attention; they’re busy doing their real job. To get them to truly spot a potential phishing-based threat and avoid becoming a victim takes continual reinforcement through new-school security awareness training that establishes a sense of vigilance within the employee so being suspicious of such an email as the one above becomes second nature.

    KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

     

    Return To KnowBe4 Security Blog

    Request A Demo: Security Awareness Training

    products-KB4SAT6-2-1New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn't a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your one-on-one demo of KnowBe4's security awareness training and simulated phishing platform and see how easy it can be!

    Request a Demo!

    PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

    https://www.knowbe4.com/kmsat-security-awareness-training-demo

    Topics: Phishing, Security Culture

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews