Verticals Targeted: Government, Diplomatic Entities
Regions Targeted: Europe, Middle East
Related Families: WINELOADER, ROOTSAW
Cozy Bear Uses GRAPELOADER in Recent Phishing Campaign
Apr 21, 2025 2:15:53 PM / by The Hivemind posted in Russia, Threat Bulletin, Cozy Bear, GRAPELOADER
2023 Recap - Cyberwar and Hacktivism in the Russia-Ukraine Conflict
Dec 8, 2023 1:17:32 PM / by The Hivemind posted in Ukraine, Russia, Threat Bulletin, Primitive Bear, Cozy Bear, Killnet, Cadet Blizzard, LitterDrifter, Ghost Writer, Fancy Bear, VooDoo Bear, RedStinger, Nodaria, Cyber Regiment, IT Army of Ukraine, KibOrg, NLB
Executive Summary
The Russia-Ukraine conflict has continued throughout 2023, with a plethora of both state-sponsored and hacktivist cyber activity taking place alongside kinetic warfare. In this report, PolySwarm provides the highlights of cyber activity associated with the Russia-Ukraine conflict in 2023.
APT 29 Using Brute Ratel
Jul 25, 2022 1:58:05 PM / by PolySwarm Tech Team posted in Threat Bulletin, Brute Ratel, APT29, CozyDuke, brc4, Cozy Bear, Cozycar, Dark Halo, Dukes, NOBELIUM, Office Monkeys, StellarParticle, UNC2452, YTTRIUM
Executive Summary
Palo Alto’s Unit 42 recently reported on Brute Ratel C4 (BRc4), a legitimate red teaming and adversarial attack simulation tool being abused by APT 29 threat actors.