Eastern European diplomats targeted by new APT29 phishing campaign

Diplomatic entities across Eastern Europe were targeted from March to May by the Russian state-sponsored threat operation APT29, also known as BlueBravo, Cloaked Ursa, and Midnight Blizzard, in phishing attacks that delivered the novel GraphicalProton malware, according to The Hacker News. APT29 leveraged legitimate internet services for obfuscation, with Microsoft OneDrive or Dropbox serving as its command-and-control servers in the GraphicalProton attacks, a Recorded Future report showed. The threat actors used phishing emails with vehicle-related lures to deliver ISO or ZIP files containing .LNK files that masquerade as PNG images and trigger GraphicalProton. Such cyberespionage attacks against European government organizations have been linked to Russia's growing interest in collecting intelligence in Europe amid its ongoing war with Ukraine. Meanwhile, the findings should prompt network defenders to watch more closely for the potential exploitation of OneDrive and other similar services to enable malware delivery, said researchers.