An ongoing campaign targeting ministries of foreign affairs of NATO-aligned countries points to the involvement of Russian threat actors.
The phishing attacks feature PDF documents with diplomatic lures, some of which are disguised as coming from Germany, to deliver a variant of a malware called Duke, which has been attributed to APT29 (aka BlueBravo, Cloaked Ursa, Cozy Bear, Iron Hemlock,