Date of report
- April 2022
Affiliations
Russian threat actor APT 29 targeted diplomatic entities with spear- phishing emails disguised as embassy administrative notices, which were sent from compromised email addresses of other diplomatic entities. The campaign used services such as Trello, Firebase, and Dropbox for command and control. Once the hackers infiltrated the target system, they established long-term access and collected sensitive diplomatic and foreign policy information.
Suspected victims
- Diplomatic organizations in the Americas, Asia, and Europe
Suspected state sponsor
- Russian Federation
Type of incident
- Espionage
Target category
- Government
Victim government reaction
- Unknown