An ongoing campaign targeting ministries of foreign affairs of NATO-aligned countries points to the involvement of Russian threat actors. The phishing attacks feature PDF documents with diplomatic lures, some of which are disguised as coming from Germany, to deliver a variant of a malware calledDuke, which has been attributed toAPT29(aka BlueBravo, Cloaked Ursa, Cozy Bear, Iron Hemlock,