Numerous European countries, particularly Greece, Azerbaijan, Romania, and Italy, had their international organizations and embassies subjected to a cyberespionage campaign by Russian state-sponsored threat operation APT29, also known as Blue Bravo or Cozy Bear, in September, according to The Record, a news site by cybersecurity firm Recorded Future.
Most impacted by the intrusions were Azerbaijan- and Italy-based foreign affairs ministries, which may be part of APT29's intelligence-gathering efforts pertaining to the activities of Azerbaijan in its invasion of the Nagorno-Karabakh region, a report from Ukraine's National Cyber Security Coordination Center revealed. Attacks conducted by APT29 involved the delivery of phishing emails regarding the sale of diplomatic BMW vehicles, which redirected to malicious files that leverage the WinRAR vulnerability, tracked as CVE-2023-3883, to facilitate initial systems access.
Such a lure was also used in a cyberespionage attack against Kyiv-based embassies earlier this year, but the new campaign involved the use of the Ngrok tool to enable communications with the malicious server and conceal threat activity.