Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?
Fancy Bear Strikes Again: Russian Hackers Exploit Mouse Moves in PowerPoint to Spread Malware
Fancy Bear, aka APT28, is back, exploiting mouse movements in PowerPoint to spread Graphite malware. This Russian state-sponsored group is linked with GRU, the same folks blamed for hacking MH17 investigators in 2016. Now, they’re targeting government and defense sectors in Europe with their latest…
Hot Take:
Looks like Fancy Bear is back from hibernation with a new trick up its sleeve! Now, your mouse can be a double agent—time to upgrade from cat videos to cybersecurity tutorials, folks!
Key Points:
- Fancy Bear is employing a new attack method using mouse movements in MS PowerPoint files.
- The campaign involves a malicious PowerShell script executed via mouse hover in presentation mode.
- The initial payload is a harmless-looking image file that drops additional Graphite malware.
- The attack targets government and defense sectors, especially in Eastern Europe and Europe.
- Fancy Bear uses Microsoft Graph API and OneDrive for C2 communications and payload retrieval.
Already a member? Log in here