Backchannel Diplomacy: APT29’s Rapidly Evolving Diplomatic Phishing Operations

During the lead-up to Ukraine’s counteroffensive, Mandiant and Google’s Threat Analysis Group (TAG) have tracked an increase in the frequency and scope of APT29 phishing operations. Investigations into the group’s recent activity have identified an intensification of operations centered on foreign embassies in Ukraine.

Notably, as part of this activity, Mandiant has seen phishing emails targeting a wide range of diplomatic representations in Kyiv, including those of Moscow’s partners. This is the first time Mandiant researchers have observed this cluster of APT29 activity pursuing governments strategically aligned with Russia.

Source: Mandiant