Russian Hackers Bait European Diplomats With Fake Wine Tastings in Sophisticated Cyberattack

Sarah Johnson

April 18, 2025

Brief

Russian-linked hacking group APT29 targeted European diplomats with fake wine tasting invites in a sophisticated phishing campaign, deploying new malware called GRAPELOADER, according to cybersecurity researchers.

European diplomats have found themselves the target of an unusually refined cyberattack: invitations to bogus wine tasting events that are, in reality, phishing lures crafted by a Russia-linked hacking group.

According to a report from Check Point Research, the notorious group APT29 is behind this "advanced phishing campaign." Posing as a major European Ministry of Foreign Affairs, the hackers sent out emails inviting diplomats to exclusive wine tastings. The catch? Clicking the invitation link delivers a new malware called GRAPELOADER. Even cybercriminals apparently have a taste for a good pun.

The emails, targeting diplomatic entities across Europe and even embassies from non-European countries, sported subject lines like "Wine tasting event (update date)," "For Ambassador’s Calendar," and, for those who prefer their subterfuge with a side of formality, "Diplomatic dinner."

The U.S. Cybersecurity and Infrastructure Security Agency has previously described APT29—also known as Midnight Blizzard, the Dukes, or Cozy Bear—as a cyber espionage group almost certainly working for Russian intelligence.

Check Point Research highlighted that APT29 is notorious for hitting high-profile organizations, including governments and think tanks, using everything from classic phishing to complex supply chain attacks. Their operations blend custom-made and off-the-shelf malware, making them a nightmare for security teams.

This latest campaign, which began in January, mainly targeted Ministries of Foreign Affairs throughout Europe, though there were signs of diplomats outside Europe, including in the Middle East, also being targeted. For those who didn’t bite on the first try, the hackers sent follow-up waves of emails, determined not to let a free (fake) wine tasting go to waste.

The malicious links were cleverly shielded: they only triggered downloads under certain conditions like specific times or locations, and if accessed directly, redirected users to the real Ministry of Foreign Affairs website—just in case the target was suspicious. That’s some next-level cloak-and-dagger, even for cyber spies.

For now, it’s unclear if any of the phishing attempts actually succeeded. But one thing is clear: in today’s world, even the promise of a good glass of wine comes with strings—and malware—attached.
