Russian threat actor APT 29 targeted diplomatic entities with spear-phishing emails disguised as embassy administrative notices, which were sent from compromised email addresses of other diplomatic entities. The campaign used services such as Trello, Firebase, and Dropbox for command and control. Once the hackers infiltrated the target system, they established long-term access and collected sensitive diplomatic and foreign policy information.
- Diplomatic organizations in the Americas, Asia, and Europe
Suspected state sponsor
- Russian Federation
Type of incident
Victim government reaction