FancyBear: Hackers Use PowerPoint Files to Deliver Malware.
Cluster25 researchers have recently discovered a threat group, APT28, also known as FancyBear, and attributed it to the Russian GRU (Main Intelligence Directorate of the Russian General Staff). The group has used a new code execution technique that relies on mouse movement in Microsoft PowerPoint to deliver Graphite malware.
According to the researchers, the campaign has been actively targeting entities and individuals in the defense and government sectors of the European Union and Eastern European countries. The cyber espionage campaign is believed to be still active.
Threat Actor's Approach
The threat actor reportedly lures victims with a PowerPoint file claiming to be associated with the Organisation for Economic Co-operation and Development (OECD).
The file consists of two slides, with instructions in English and French for accessing the translation feature in Zoom. It also contains a link that acts as the trigger for delivering a malicious PowerShell script, which downloads a JPEG image carrying an encrypted DLL file.
The resulting payload, Graphite malware, is in Portable Executable (PE) form, which allows the malware operator to load other malware into the system memory.
“The code execution runs a PowerShell script that downloads and executes a dropper from OneDrive. The latter downloads a payload that extracts and injects in itself a new PE (Portable Executable) file, that the analysis showed to be a variant of a malware family known as Graphite, that uses the Microsoft Graph API and OneDrive for C&C communications,” states Cluster25 in its published analysis.
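A PowerPoint hyperlink, whether it fires on click or on mouseover, is stored in the slide's OOXML as an `a:hlinkClick` or `a:hlinkMouseOver` element whose `r:id` resolves through the slide's relationship part, and an optional `action` attribute such as `ppaction://program` tells PowerPoint to launch something rather than navigate. That makes mouseover-triggered delivery of the kind described above visible to a static scan of the deck, with no need to open it. The script below is an added example, not Cluster25's tooling or anything taken from the reported sample: it unpacks a .pptx, walks every slide, flags run-program actions as high severity and lists plain external link targets as informational, covering click triggers as well as the mouseover case in the text. The two-slide deck it scans is constructed inline for the demonstration, and the "program" target in it is a placeholder path, not a real command.

```python
"""Static triage of hyperlink actions inside a .pptx (added example, not Cluster25 code)."""
import io
import re
import zipfile
import xml.etree.ElementTree as ET

# OOXML namespaces used by PresentationML / DrawingML and the package relationships part
P_NS = "http://schemas.openxmlformats.org/presentationml/2006/main"
A_NS = "http://schemas.openxmlformats.org/drawingml/2006/main"
R_NS = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
PKG_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
HLINK_TYPE = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/hyperlink"
SLIDE_RE = re.compile(r"ppt/slides/slide(\d+)\.xml")


def _load_rels(zf, slide_part):
    """Map relationship Id -> (Target, TargetMode) for one slide's .rels part."""
    folder, _, base = slide_part.rpartition("/")
    rels_part = f"{folder}/_rels/{base}.rels"
    if rels_part not in zf.namelist():
        return {}
    root = ET.fromstring(zf.read(rels_part))
    return {rel.get("Id"): (rel.get("Target", ""), rel.get("TargetMode", "Internal"))
            for rel in root.iter(f"{{{PKG_NS}}}Relationship")}


def scan_pptx(data):
    """Return findings for every click/mouseover hyperlink that runs a program or leaves the deck."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        slides = []
        for part in zf.namelist():
            m = SLIDE_RE.fullmatch(part)
            if m:
                slides.append((int(m.group(1)), part))
        for number, part in sorted(slides):
            rels = _load_rels(zf, part)
            root = ET.fromstring(zf.read(part))
            for trigger in ("hlinkMouseOver", "hlinkClick"):
                for el in root.iter(f"{{{A_NS}}}{trigger}"):
                    action = el.get("action", "")
                    target, mode = rels.get(el.get(f"{{{R_NS}}}id"), ("", "Internal"))
                    if action.startswith("ppaction://program"):
                        severity = "high"      # link launches a program instead of navigating
                    elif mode == "External":
                        severity = "info"      # ordinary outbound link, worth listing
                    else:
                        continue               # in-deck navigation, not interesting
                    findings.append({"slide": number, "trigger": trigger, "action": action,
                                     "target": target, "severity": severity})
    return findings


def _slide_xml(link_el):
    # Minimal slide with a single shape carrying the given hyperlink element.
    return (f'<p:sld xmlns:p="{P_NS}" xmlns:a="{A_NS}" xmlns:r="{R_NS}">'
            '<p:cSld><p:spTree><p:sp><p:nvSpPr>'
            f'<p:cNvPr id="2" name="Shape 1">{link_el}</p:cNvPr>'
            '</p:nvSpPr></p:sp></p:spTree></p:cSld></p:sld>')


def _rels_xml(target):
    return (f'<Relationships xmlns="{PKG_NS}">'
            f'<Relationship Id="rId1" Type="{HLINK_TYPE}" Target="{target}" TargetMode="External"/>'
            '</Relationships>')


def build_sample_pptx():
    """Constructed two-slide deck for exercising the scanner (not a real malicious sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml",
                    '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"/>')
        # slide 1: mouseover-triggered run-program action; target is a placeholder path
        zf.writestr("ppt/slides/slide1.xml",
                    _slide_xml('<a:hlinkMouseOver r:id="rId1" action="ppaction://program"/>'))
        zf.writestr("ppt/slides/_rels/slide1.xml.rels", _rels_xml("file:///PLACEHOLDER/program-to-run"))
        # slide 2: ordinary click hyperlink to a web page
        zf.writestr("ppt/slides/slide2.xml", _slide_xml('<a:hlinkClick r:id="rId1"/>'))
        zf.writestr("ppt/slides/_rels/slide2.xml.rels", _rels_xml("https://example.org/"))
    return buf.getvalue()


if __name__ == "__main__":
    for f in scan_pptx(build_sample_pptx()):
        print(f"[{f['severity']}] slide {f['slide']} {f['trigger']} action={f['action']!r} target={f['target']}")
```

Against a real deck, replace `build_sample_pptx()` with the file's bytes; the scan reads only the zipped XML, so it is safe to run on a suspicious attachment without ever rendering the slides.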