Russian Hackers Use Zulip Chat App for Covert C&C in Diplomatic Phishing Attacks

August 17, 2023


An ongoing campaign targeting ministries of foreign affairs of NATO-aligned countries points to the involvement of Russian threat actors.

The phishing attacks feature PDF documents with diplomatic lures, some of which are disguised as coming from Germany, to deliver a variant of a malware called Duke, which has been attributed to APT29 (aka BlueBravo, Cloaked Ursa, Cozy Bear, Iron Hemlock, Midnight Blizzard, and The Dukes).

“The threat actor used Zulip – an open-source chat application – for command-and-control, to evade and hide its activities behind legitimate web traffic,” Dutch cybersecurity company EclecticIQ said in an analysis last week.

Read More on The Hacker News