Russian state-sponsored threat actor APT29, also known as Cozy Bear, has been observed deploying a previously undocumented backdoor targeting government ministries across multiple NATO member states. The malware, dubbed "FrostBite" by researchers at CrowdStrike, uses advanced evasion techniques to bypass modern endpoint detection solutions.
The campaign, active since early 2026, leverages spear-phishing emails impersonating diplomatic correspondence to gain initial access. Once deployed, FrostBite establishes persistent access and exfiltrates sensitive government communications.