Kremlin hackers send fake dinner invitation to German politicians


German political representatives were targeted by a phishing email campaign launched by “Cozy Bear”. This group of Kremlin hackers is known for its destabilization operations.

Hack to destabilize. While Kremlin hackers have been known to launch cyberespionage campaigns for a dozen years, cyber experts have noticed that one of the main hacker groups is resuming campaigns of political disruption.

Cozy Bear, also called APT29, Nobelium or Midnight Blizzard, is a group of Russian intelligence hackers, known worldwide for having leaked Democratic Party emails before the 2016 American elections. In 2020, this collective attempted to steal information regarding the development of a vaccine against COVID-19.

The “Cozy Bears” have already found their target for 2024, since Mandiant, a cybersecurity company owned by Google Cloud, published a report on March 22, 2024 on a phishing campaign targeting elected officials in Germany.

Mandiant experts shared excerpts from the phishing emails. The hackers pose as political offices and invite targets to party dinners, attaching a questionnaire to fill out for the supposed event. The recovered messages targeted members of the CDU, one of the main parties in Germany, known as the party of Angela Merkel.

“We look forward to inviting you to a dinner hosted by the regional representation of the party. The event will take place: (Information is still being clarified). Event date: Friday. March 1, 6:30 p.m. Dress code: Business Smart” // Source: Mandiant

The attached file contains sophisticated malware, called WineLoader, which sneaks into the system and spies on the victim’s computer.

This malware had already been noticed in previous dinner invitations, without its authors having been identified before.

Moscow has an interest in “understanding the evolution of the political dynamics linked to Ukraine”

According to the report, this is the first time the cyberespionage group has targeted political parties in Europe. “These parties are likely targets for future cyberespionage activities, given Moscow’s vital interest in understanding evolving Western political dynamics related to Ukraine,” note the Mandiant experts.

Questioned by Numerama, David Grout, technical director at Mandiant Europe, explains to us that the “Cozy Bear” are turning “towards the recovery of political information with probably an objective of influence. It is one of the most technologically advanced groups and they use this offensive arsenal to target political representatives.” More than espionage, the danger behind these campaigns is a reuse of exchanges to disinform and influence the population of the targeted country.

