A Russia-linked hacking group unleashed a new “advanced phishing campaign” targeting European diplomats with invites to fake wine tasting events, according to a report. 

Check Point Research said the APT29 group is trying to “impersonate a major European Ministry of Foreign Affairs to send out invitations to wine tasting events, prompting targets to click a web link leading to the deployment of a new backdoor [malware] called GRAPELOADER.”  

“This campaign appears to be focused on targeting European diplomatic entities, including non-European countries’ embassies located in Europe,” the cybersecurity firm said in an advisory, noting that the emails with malicious links included subject lines such as “Wine tasting event (update date),” “For Ambassador’s Calendar” and “Diplomatic dinner.” 

The U.S. Cybersecurity and Infrastructure Security Agency said last year that APT29, which also goes by the names of Midnight Blizzard, the Dukes, or Cozy Bear, is “a cyber espionage group, almost certainly part of the SVR, an element of the Russian intelligence services.” 

Check Point Research said the APT29 group is trying to “impersonate a major European foreign affairs ministry to distribute fake invitations to diplomatic events – most commonly, wine tasting events.” (Justin Sullivan/Getty Images)

“In cases where the initial attempt was unsuccessful, additional waves of emails were sent to increase the likelihood of getting the victim to click the link and compromise his machine,” it added. 

“The server hosting the link is believed to be highly protected against scanning and automated analysis solutions, with the malicious download triggered only under certain conditions, such as specific times or geographic locations. When accessed directly, the link redirects to the official website of the impersonated Ministry of Foreign Affairs,” the firm continued. 

The malacious emails had subject lines including “Wine Event,” according to Check Point Research. (iStock)

It is unclear if any of the phishing attacks were successful.