The Russian state-backed malicious actor identified as APT29 has been associated with a sophisticated phishing initiative aimed at diplomatic organizations throughout Europe, utilizing a new version of WINELOADER and a previously undisclosed malware loader referred to as GRAPELOADER.
“Although the enhanced WINELOADER iteration remains a modular backdoor employed in subsequent phases, GRAPELOADER serves as a recently detected initial-stage instrument.