Russia-linked Gamaredon hacker crew using Microsoft's Visual Basic for Applications to pwn Microsoft's Outlook

Security researchers claim to have uncovered "several previously undocumented post-compromise tools" used by a Russia-linked APT to target Microsoft Office and Outlook through Visual Basic for Applications.


In a statement about its findings, Slovakian infosec biz ESET said the tools "inject malicious macros or references to remote templates into existing documents on the attacked system, which is a very efficient way of moving within an organization's network, as documents are routinely shared amongst colleagues."


The Gamaredon hacking crew is said to be targeting Outlook through Visual Basic for Applications (VBA), allowing attackers to access the target account's contact book so they can forward phishing emails to a new batch of potential victims.


"While abusing a compromised mailbox to send malicious emails without the victim's consent is not a new technique, we believe this is the first publicly documented case of an attack group ..
