Skip to content

APT28 Using PowerPoint Mouseover Trick to Infect System with Malware

Table of Contents

The Russian state-sponsored threat actor known as APT28 (aka Fancy Bear) has been found leveraging a new code execution method that makes use of mouse movement in decoy Microsoft PowerPoint documents to deploy malware.
The technique "is designed to be triggered when the user starts the presentation mode and moves the mouse," cybersecurity firm Cluster25 said in a technical report. "The code execution runs a PowerShell script that downloads and executes a dropper from OneDrive."
Hackers Using PowerPoint Mouseover Trick to Infect System with Malware
Russian state-sponsored hackers have been found using a method of deploying malware that uses mouse movements in decoy Microsoft PowerPoint.

#APT #Campaign #Analysis #IoCs

Latest

Szele Tamás: Navalnij halála

Szele Tamás: Navalnij halála

Ma új fejezet kezdődött Oroszország történetében, aminek az elejét, meglehet, vérrel írják. De ha minden jól megy, a közepétől visszatérnek a tintához.

Members Public