A new Russian-developed Outlook backdoor called “NotDoor” has been discovered, capable of monitoring emails, exfiltrating data, and executing commands. The malware, attributed to APT28 (“Fancy Bear”), shows the group's continued evolution: it evades traditional defenses and has been used to compromise multiple NATO-connected companies. #APT28 #NotDoor
Key points
- The malware is a VBA macro embedded in Outlook, utilizing Microsoft OneDrive.exe for deployment.
- It is designed to monitor incoming emails for specific trigger words to activate malicious actions.
- The backdoor can exfiltrate files, upload data, and execute commands on infected machines.
- Persistence is maintained through registry modifications and PowerShell commands to load macros.
- Detection rates are low, with only four out of 72 security vendors recognizing the SHA256 hashes of malicious files.
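As an added defender-side check (not code from the article or from the researchers who analysed NotDoor), the script below audits the Outlook settings and the VBA project file that any Outlook macro backdoor needs in order to load at startup, and reports the file's SHA256 so it can be compared against published indicators. It assumes Office version 16.0 registry paths and the standard VbaProject.OTM location; both are assumptions about the environment, not details taken from the article.

```powershell
# Added defender-side audit (not from the article): report Outlook settings and artifacts
# that an Outlook VBA macro backdoor would rely on to load at startup.
# Assumptions (not stated in the article): Office 16.0 registry paths and the default
# VbaProject.OTM location; adjust $OfficeVersion for your estate.
# Run as the user whose profile you are auditing; read-only, changes nothing.

$OfficeVersion = '16.0'
$OutlookKey  = "HKCU:\Software\Microsoft\Office\$OfficeVersion\Outlook"
$SecurityKey = "$OutlookKey\Security"
$OtmPath     = Join-Path $env:APPDATA 'Microsoft\Outlook\VbaProject.OTM'

function Get-RegValue([string]$Path, [string]$Name) {
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }   # key or value absent
}

$findings = @()

# Macro security level: 1 = all macros enabled, 2 = notify, 3 = signed only (default), 4 = disabled.
$level = Get-RegValue $SecurityKey 'Level'
if ($level -eq 1) { $findings += 'Outlook macro security Level=1 (all macros run without prompting)' }

# LoadMacroProviderOnBoot=1 makes Outlook load the VBA project at start; with Level=1 it runs silently.
$loadOnBoot = Get-RegValue $OutlookKey 'LoadMacroProviderOnBoot'
if ($loadOnBoot -eq 1) { $findings += 'LoadMacroProviderOnBoot=1 (VBA project loaded when Outlook starts)' }

# The VBA project itself lives in VbaProject.OTM; record size, last write time and hash for IoC matching.
if (Test-Path $OtmPath) {
    $otm = Get-Item $OtmPath
    $hash = (Get-FileHash -Path $OtmPath -Algorithm SHA256).Hash
    $findings += ('VbaProject.OTM present: {0} bytes, modified {1:u}, SHA256 {2}' -f
        $otm.Length, $otm.LastWriteTimeUtc, $hash)
}

if ($findings.Count -eq 0) {
    "No Outlook macro-persistence indicators found for ${env:USERNAME}"
} else {
    "Outlook macro-persistence indicators for ${env:USERNAME}:"
    $findings | ForEach-Object { " - $_" }
}
```

A VbaProject.OTM that exists on a user who has never written Outlook macros, especially alongside Level=1, is worth a closer look regardless of whether its hash matches a published indicator.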
Read More: https://thecyberexpress.com/fancy-bear-apt28-outlook-backdoor/