The Russian state-sponsored threat actor known as APT29 has been linked to an advanced phishing campaign that's targeting diplomatic entities across Europe with a new variant of WINELOADER and a previously unreported malware loader codenamed GRAPELOADER. "While the improved WINELOADER variant is still a modular backdoor used in later stages, GRAPELOADER is a newly observed initial-stage tool
source https://thehackernews.com/2025/04/apt29-deploys-grapeloader-malware.html