"In Vino Veritas: Tracking APT29 Phishing Campaigns" (ENG)
May 29th
14:40
Starting January 2025, Check Point Research (CPR) has been tracking a wave of targeted phishing attacks sweeping through European diplomatic circles. Disguised as invitations to exclusive wine-tasting events, these lures were designed to compromise high-value targets with a new backdoor, GRAPELOADER. This campaign, attributed to APT29—also known as Cozy Bear or Midnight Blizzard—is part of a broader, sustained effort to infiltrate diplomatic entities in Europe. In this talk, we will discuss the tactics employed in this campaign and previous ones, tracking how APT29’s phishing campaigns have evolved in recent years.

Amitai Ben Shushan Ehrlich

Threat Researcher at Check Point Software Technologies

Amitai is a threat researcher with over a decade of experience in analyzing advanced threat actors and targeted attacks. Currently, he leads the Threat Intelligence Analysis (TIA) in Check Point Research, following diverse roles in the fields of Threat Research, Incident Response and Threat Hunting. His main focus is identifying, analyzing and tracking the activity of state-sponsored actors.

We use cookies to support your experience on our website. By continuing to use our site, you agree to our use of cookies.