Russian Federation-backed threat group APT29 Now Targeting German Political Parties

Stu Sjouwerman | Mar 29, 2024

Russian Federation-based Threat Group

New analysis of APT29’s (aka Cozy Bear) activities and their association with Russia’s Foreign Intelligence Service (SVR) has revealed suspected attempts to collect political intelligence.

Last month, security researchers at Mandiant identified an attack targeting German political parties using a new backdoor malware dubbed WINELOADER.

In a just-released analysis of the attacks, Mandiant analysts noted changes in APT29's execution methods compared with the group's activity going back to 2021.

First is the use of German-language content, a possible sign that generative AI was used to create content native to the targeted victims. Under the guise of an invitation to a dinner reception, and while impersonating the Christian Democratic Union political party, the phishing email linked to a dropper hosted on a compromised website.

The second change in execution is the choice of target. Historically, APT29 has been responsible for attacks like the SolarWinds compromise in 2020. According to Mandiant, the threat group was seen targeting political organizations in Czechia, Germany, India, Italy, Latvia, and Peru, indicating a shift toward aiding the SVR with the collection of political intelligence.

The good news is their email is horrible — take a look.

[Figure 1: the APT29 WINELOADER phishing email]

Source: Mandiant

So, only those that simply aren't paying attention will fall for it. But that's just it: most of your employees aren't paying attention; they're busy doing their real job. Getting them to truly spot a potential phishing-based threat and avoid becoming a victim takes continual reinforcement through new-school security awareness training that establishes a sense of vigilance in the employee, so that being suspicious of an email like the one above becomes second nature.

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.


Secure the Digital Workforce: Human + AI

KnowBe4 empowers the modern workforce to make smarter security decisions every day. Trusted by more than 70,000 organizations worldwide, KnowBe4 is the pioneer of digital workforce security, securing both AI agents and humans. The KnowBe4 Platform provides attack simulation and training, collaboration security, and agent security powered by AIDA (Artificial Intelligence Defense Agents) and a proprietary Risk Score. The platform leverages 15 years of behavioral data to combat advanced threats including social engineering, prompt injection, and shadow AI. By securing humans and agents, KnowBe4 leads the industry in workforce trust and defense.