Cyberspies linked to APT29 group & Russian Intelligence forces targeted Slovak government by deploying malware through malicious emails & spear-phishing campaig...
A cyber-espionage group associated with one of Russia's intelligence services targeted the Slovak government for several months, deploying malware through phishing campaigns.
Slovak security firms ESET and IstroSec first identified the group of cyberspies behind the malware campaigns, which ran between February and July 2021. The firms attributed the attacks to a group known as the Dukes, Nobelium or APT29, which is believed to be linked to Russia's Foreign Intelligence Service (SVR), the agency involved in the SolarWinds attacks earlier this year.
ESET and IstroSec stated that the attackers recently choreographed multiple spear-phishing campaigns targeting Slovak officials. The SVR-linked operators sent several emails to Slovak diplomats, posing as the Slovak National Security Authority (NBU). The emails carried documents which, once downloaded, installed a Cobalt Strike backdoor on the infected systems.
The IstroSec security team stated that "Some of the SVR C&C servers also hosted documents that appeared to have been aimed at Czech government officials as well." ESET also tracked a recent campaign by the group that targeted diplomats in approximately 13 European countries.
All the attacks followed the same infection chain (email -> ISO disk image -> LNK shortcut file -> Cobalt Strike backdoor), a tactic also seen in two incidents reported earlier this year by Volexity and Microsoft.
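The infection chain above is simple to describe in words, but each step leaves a distinct footprint in endpoint telemetry, and a defender can correlate those footprints rather than looking for any single indicator. The following Python script is an added illustration, not code from ESET, IstroSec or the article: it runs over a handful of constructed telemetry events in a hypothetical, vendor-neutral schema (the `file_write`, `image_mount` and `process_create` event types, the host names and the `NBU_notice.iso` file name are all made up) and raises an alert only when a mail client writes an ISO, that ISO is mounted, and something is then launched from the mounted drive letter within a short window.

```python
"""Correlate endpoint telemetry for the e-mail -> ISO -> LNK -> payload chain.

Added example with a constructed, vendor-neutral event schema; the hosts,
paths and timestamps below are invented for illustration.
"""
from datetime import datetime, timedelta

# Constructed sample telemetry. Each dict is one event on one host.
SAMPLE_EVENTS = [
    # Step 1 (ws-12): the mail client saves an ISO attachment to disk.
    {"ts": "2021-05-10T09:01:05", "host": "ws-12", "type": "file_write",
     "process": "outlook.exe", "path": r"C:\Users\jan\Downloads\NBU_notice.iso"},
    # Step 2 (ws-12): the user opens the ISO and Windows mounts it as a drive.
    {"ts": "2021-05-10T09:01:40", "host": "ws-12", "type": "image_mount",
     "source": r"C:\Users\jan\Downloads\NBU_notice.iso", "drive": "E:"},
    # Step 3 (ws-12): a shortcut inside the image is launched from Explorer;
    # the LNK target executes from a path on the mounted drive.
    {"ts": "2021-05-10T09:01:58", "host": "ws-12", "type": "process_create",
     "parent": "explorer.exe", "image": r"E:\NBU_notice\viewer.exe",
     "cmdline": r'"E:\NBU_notice\viewer.exe"'},
    # Benign control (ws-12): an unrelated Explorer child that never touches E:.
    {"ts": "2021-05-10T09:02:30", "host": "ws-12", "type": "process_create",
     "parent": "explorer.exe", "image": r"C:\Windows\notepad.exe",
     "cmdline": "notepad.exe"},
    # Benign control (ws-07): an ISO downloaded by a browser, not a mail client,
    # and mounted with nothing launched from it afterwards.
    {"ts": "2021-05-10T10:15:00", "host": "ws-07", "type": "file_write",
     "process": "chrome.exe", "path": r"C:\Users\eva\Downloads\ubuntu.iso"},
    {"ts": "2021-05-10T10:16:10", "host": "ws-07", "type": "image_mount",
     "source": r"C:\Users\eva\Downloads\ubuntu.iso", "drive": "F:"},
]

MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}   # assumed list, extend as needed
MOUNT_WINDOW = timedelta(hours=24)    # ISO saved by mail client -> mounted
EXEC_WINDOW = timedelta(minutes=10)   # mounted -> something launched from it


def _ts(event):
    return datetime.fromisoformat(event["ts"])


def detect_iso_lnk_chain(events):
    """Return one alert per Explorer-launched process that runs from a drive
    backed by an ISO which a mail client wrote shortly before."""
    events = sorted(events, key=_ts)
    mail_isos = {}   # (host, iso path) -> time the mail client wrote it
    mounts = {}      # (host, drive letter) -> (iso path, mount time)
    alerts = []

    for ev in events:
        t = _ts(ev)
        if (ev["type"] == "file_write"
                and ev["process"].lower() in MAIL_CLIENTS
                and ev["path"].lower().endswith(".iso")):
            mail_isos[(ev["host"], ev["path"].lower())] = t

        elif ev["type"] == "image_mount":
            written = mail_isos.get((ev["host"], ev["source"].lower()))
            if written is not None and t - written <= MOUNT_WINDOW:
                mounts[(ev["host"], ev["drive"].upper())] = (ev["source"], t)

        elif ev["type"] == "process_create" and ev["parent"].lower() == "explorer.exe":
            for (host, drive), (iso, mounted) in mounts.items():
                if host != ev["host"] or t - mounted > EXEC_WINDOW:
                    continue
                prefix = drive + "\\"
                if (prefix in ev["cmdline"].upper()
                        or ev["image"].upper().startswith(prefix)):
                    alerts.append({"ts": ev["ts"], "host": host, "drive": drive,
                                   "iso": iso, "image": ev["image"],
                                   "cmdline": ev["cmdline"]})
    return alerts


if __name__ == "__main__":
    for alert in detect_iso_lnk_chain(SAMPLE_EVENTS):
        print("ALERT mail-delivered ISO executed:", alert)
```

The two benign controls show why correlation matters: a mounted ISO or an Explorer child process on its own is everyday activity, and flagging either alone would drown analysts in noise. The windows and the mail-client list are assumptions to tune per environment; a production rule would also key on the real event sources for attachment writes, virtual-disk mounts and process creation rather than this constructed schema.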