Dinner with APT29
In late February 2024, Mandiant identified APT29, a Russian Federation-backed threat group linked to the Russian Foreign Intelligence Service (SVR) by multiple governments, running a phishing campaign targeting German political parties. Consistent with APT29 operations dating back to 2021, this operation leveraged ROOTSAW (also known as EnvyScout), APT29's main payload, to deliver a new backdoor variant known as WINELOADER. This activity represents a departure from APT29's typical targeting of governments, foreign embassies and other…