Targeting of diplomatic organizations in the Americas, Asia, and Europe

Date of report

April 2022

Affiliations

The Dukes

Russian threat actor APT 29 targeted diplomatic entities with spear- phishing emails disguised as embassy administrative notices, which were sent from compromised email addresses of other diplomatic entities. The campaign used services such as Trello, Firebase, and Dropbox for command and control. Once the hackers infiltrated the target system, they established long-term access and collected sensitive diplomatic and foreign policy information.

Suspected victims

Diplomatic organizations in the Americas, Asia, and Europe

Suspected state sponsor

Russian Federation

Type of incident

Espionage

Target category

Government

Victim government reaction

Unknown

Trello From the Other Side: Tracking APT29 Phishing Campaigns
Russia-linked APT29 targets diplomatic and government organizations

Cyber Operations Tracker

CFR.org

Topics

Regions

Explainers

Research & Analysis

Communities

Events