A sophisticated cyber campaign tied to Cozy Bear, a hacking group long suspected of operating under the direction of Russian intelligence services, has recently been uncovered targeting European diplomats. Cybersecurity company Check Point revealed on April 15 that the group launched a series of phishing attacks disguised as exclusive invitations to high-profile events. These invitations, crafted with polished subject lines such as “Wine Tasting Event” and “Diplomatic Dinner,” appeared to come from a well-known European foreign ministry. In reality, the emails carried hidden malware designed to infiltrate sensitive diplomatic networks.

The campaign began in January and has targeted not only European Union officials but also embassies of non-EU countries located in Europe, as well as diplomats stationed in the Middle East. Check Point has not disclosed the exact ministry being impersonated but emphasized that it was among the largest and most influential within the EU. According to Sergey Shykevich, the firm’s threat intelligence lead, the wine-themed approach demonstrated creativity on the part of the attackers, who used cultural and professional contexts to make their emails appear more credible.

While it remains unclear whether any systems were successfully compromised, the operation underscores the increasingly tailored strategies being used by state-backed hacking groups to gain access to critical diplomatic communications. The incident also highlights the continued role of Cozy Bear in carrying out espionage-related cyber activities on behalf of Russian interests, maintaining a pattern seen in previous international campaigns.

In a separate development, the Singapore-based cryptocurrency exchange Bybit disclosed a breach affecting one of its Ethereum wallets. The theft, investigated by blockchain researcher ZachXBT, was traced to the Lazarus Group, a North Korean state-sponsored network of hackers notorious for carrying out some of the most significant cyber heists worldwide. Together, these incidents reflect the growing global scale of state-directed cyberattacks targeting both political and financial systems.