PowerPoint files are being hacked to spread this new Russian malware

Researchers have uncovered a new cyber-espionage campaign that leverages a dangerous PowerPoint vulnerability to deliver the Graphite malware to target endpoints.

What makes this campaign particularly dangerous is that the victims don’t need to click a link or download the malware themselves: hovering the mouse over a link is enough to trigger the attack.

Cybersecurity researchers at Cluster25 recently spotted APT28, also known as Fancy Bear, distributing a PowerPoint (.PPT) presentation pretending to come from the Organisation for Economic Co-operation and Development (OECD).

State-sponsored actors

The .PPT contains two slides with a hyperlink. When the victim hovers the mouse over the hyperlink, a PowerShell script is launched through the SyncAppvPublishingServer utility, the researchers explained. The script downloads a JPEG file titled DSC0002.jpeg from a Microsoft OneDrive account. The JPEG is, in fact, an encrypted .DLL file called Imapi2.dll. This file later pulls and decrypts a second .JPEG, which is the Graphite malware in portable executable (PE) form.
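The hover-triggered step above relies on a hyperlink action rather than a macro, so a file scanner can look for it directly. The following is an added detection example, not code from Cluster25, TechRadar or the campaign itself: it opens a PowerPoint file in the OOXML (.pptx) zip layout, reads each slide's hyperlinks (`hlinkMouseOver` and `hlinkClick` elements) and their relationship targets, and flags any link whose action is `ppaction://program` or whose target names a script host or living-off-the-land binary such as SyncAppvPublishingServer. The sample presentation it scans is constructed inline with a placeholder target (the article describes a binary .PPT, so this only illustrates the OOXML form of the technique); on the endpoint, the corresponding check is PowerPoint spawning SyncAppvPublishingServer, which the article names as the launcher.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

# OOXML namespaces used by PowerPoint slide parts and their relationship files.
NS_A = "http://schemas.openxmlformats.org/drawingml/2006/main"
NS_R = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
NS_REL = "http://schemas.openxmlformats.org/package/2006/relationships"

# Substrings in a hyperlink target that warrant an analyst's attention.
SUSPICIOUS_TARGET = re.compile(
    r"syncappvpublishingserver|powershell|wscript|cscript|cmd\.exe|mshta|rundll32",
    re.IGNORECASE,
)


def _slide_rels(archive, slide_name):
    """Return {rId: target} from the relationship part belonging to one slide."""
    rels_name = slide_name.replace("ppt/slides/", "ppt/slides/_rels/") + ".rels"
    if rels_name not in archive.namelist():
        return {}
    root = ET.fromstring(archive.read(rels_name))
    return {
        rel.get("Id"): rel.get("Target", "")
        for rel in root.iter(f"{{{NS_REL}}}Relationship")
    }


def scan_pptx(data):
    """Return (slide, trigger, action, target) for every hyperlink that either
    uses the ppaction://program action or points at a script host / LOLBin."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for name in archive.namelist():
            if not re.fullmatch(r"ppt/slides/slide\d+\.xml", name):
                continue
            rels = _slide_rels(archive, name)
            root = ET.fromstring(archive.read(name))
            # hlinkMouseOver fires on hover; hlinkClick on click. Both carry
            # an optional action attribute and an r:id into the rels part.
            for tag in ("hlinkMouseOver", "hlinkClick"):
                for link in root.iter(f"{{{NS_A}}}{tag}"):
                    action = link.get("action", "")
                    target = rels.get(link.get(f"{{{NS_R}}}id"), "")
                    if action.startswith("ppaction://program") or SUSPICIOUS_TARGET.search(target):
                        findings.append((name, tag, action, target))
    return findings


def build_sample_pptx():
    """Constructed sample, not the real lure: one slide with a hover link whose
    action runs an external program (placeholder target) and one benign link."""
    slide = f"""<?xml version="1.0" encoding="UTF-8"?>
<p:sld xmlns:p="http://schemas.openxmlformats.org/presentationml/2006/main"
       xmlns:a="{NS_A}" xmlns:r="{NS_R}">
  <p:cSld><p:spTree><p:sp><p:txBody><a:p>
    <a:r><a:rPr lang="en-US"><a:hlinkMouseOver r:id="rId2" action="ppaction://program"/></a:rPr>
      <a:t>OECD report</a:t></a:r>
    <a:r><a:rPr lang="en-US"><a:hlinkClick r:id="rId3"/></a:rPr><a:t>oecd.org</a:t></a:r>
  </a:p></p:txBody></p:sp></p:spTree></p:cSld>
</p:sld>"""
    rels = f"""<?xml version="1.0" encoding="UTF-8"?>
<Relationships xmlns="{NS_REL}">
  <Relationship Id="rId2" Type="{NS_R}/hyperlink"
    Target="SyncAppvPublishingServer.vbs PLACEHOLDER_ARGUMENT" TargetMode="External"/>
  <Relationship Id="rId3" Type="{NS_R}/hyperlink"
    Target="https://www.oecd.org/" TargetMode="External"/>
</Relationships>"""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("ppt/slides/slide1.xml", slide)
        z.writestr("ppt/slides/_rels/slide1.xml.rels", rels)
    return buf.getvalue()


if __name__ == "__main__":
    for finding in scan_pptx(build_sample_pptx()):
        print("SUSPICIOUS: slide=%s trigger=%s action=%r target=%r" % finding)
```

Only the hover link is reported; the ordinary https link to oecd.org passes. In a mail gateway or sandbox pipeline the same function can be run over every attachment whose magic bytes mark it as a zip-based Office document, and the `ppaction://program` check is the one worth keeping even if the target list is trimmed, since that action has little legitimate use in documents received from outside the organisation.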

As per Malpedia, Graphite was first discovered by researchers at Trellix, which described it as malware that uses Microsoft Graph API and OneDrive as its C2. Initially, it was being deployed in-memory, and its goal was to download the Empire post-exploitation agent.

APT28 is a well-known threat actor, allegedly on Russia’s payroll. Security experts believe the group is part of the Main Intelligence Directorate of the Russian General Staff, or GRU. 

The group has been distributing Graphite via this technique since early September, the researchers believe, adding that its most likely targets are organizations in the defense and government sectors of EU and Eastern European countries.

Ever since the invasion of Ukraine, the cyber-war between Russia and the West has intensified. In mid-April this year, Microsoft reported taking down seven domains that Russian cybercriminals were using in cyberattacks against Ukrainian targets, mostly government institutions and the media.

Via: BleepingComputer



from TechRadar - All the latest technology news https://ift.tt/HJrnby9
via IFTTT
