APT29, a Russian threat group, targeted German political parties with a new backdoor called WINELOADER using spear-phishing emails containing malicious links to ZIP files hosted on compromised websites. The ZIP files deployed an HTA that initiated a multi-stage infection chain, delivering WINELOADER. The backdoor has functionalities for communication with command and control servers and utilizes evasion techniques.
Source: GBHackers