APT29, a Russian state-sponsored threat actor, has been identified as the source of an advanced phishing campaign targeting diplomatic entities in Europe. The campaign involves the use of a new variant of WINELOADER and a previously unknown malware loader called GRAPELOADER. While the enhanced WINELOADER serves as a modular backdoor in later stages of the attack, GRAPELOADER is a newly discovered tool used in the initial stages of the campaign.