Russian APT28 Deploys “NotDoor” Outlook Backdoor Against Companies in NATO Countries

The Russian hacking group APT28 has developed a new Outlook backdoor, NotDoor, that uses VBA macros to monitor incoming email and exfiltrate data. The malware relies on cloud services and obfuscation to keep its operations covert, illustrating how the group's tradecraft continues to evolve.

Key points

  • NotDoor is a VBA macro-based backdoor targeting Outlook users in NATO countries.
  • The malware uses OneDrive DLL side-loading to gain initial access and disable macro protections.
  • It exfiltrates data via encrypted emails and supports command execution, file uploads, and downloads.
  • Attackers abuse Microsoft Dev Tunnels and Telegram Telegraph for stealthy command-and-control communication.
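The key points above describe an Outlook VBA backdoor whose loader disables macro protections and arrives via OneDrive DLL side-loading. The following PowerShell audit is an added example, not code from the article or from the malware: it checks the standard Outlook macro-security settings, the presence of the user's VBA project file, and whether every DLL under the OneDrive directory carries a valid Microsoft signature. It assumes the Office 16.0 registry layout and a per-user OneDrive install; the article does not state which specific values NotDoor changes, so the checks cover the settings any persistent Outlook macro would depend on.

```powershell
# Added example (not from the article). Audits one user's Outlook macro settings and
# OneDrive directory for the conditions a side-loaded Outlook VBA backdoor relies on.
# Assumptions: Office 16.0 registry layout, per-user OneDrive install.
$outlookKey  = 'HKCU:\Software\Microsoft\Office\16.0\Outlook'
$securityKey = "$outlookKey\Security"
$otmPath     = Join-Path $env:APPDATA 'Microsoft\Outlook\VbaProject.OTM'
$oneDriveDir = Join-Path $env:LOCALAPPDATA 'Microsoft\OneDrive'
$findings    = @()

# 1. Macro security level: 4 = all macros disabled (default), 3 = signed macros only,
#    2 = prompt for every macro, 1 = run all macros without prompting.
$level = (Get-ItemProperty -Path $securityKey -Name Level -ErrorAction SilentlyContinue).Level
if ($null -ne $level -and $level -le 2) {
    $findings += "Outlook macro security Level is $level; expected 4 (or 3)."
}

# 2. LoadMacroProviderOnBoot = 1 makes Outlook load VbaProject.OTM at startup,
#    which is what a persistent Outlook macro needs.
$boot = (Get-ItemProperty -Path $outlookKey -Name LoadMacroProviderOnBoot -ErrorAction SilentlyContinue).LoadMacroProviderOnBoot
if ($boot -eq 1) {
    $findings += 'LoadMacroProviderOnBoot is 1: Outlook loads the VBA project at startup.'
}

# 3. Outlook VBA code lives in VbaProject.OTM; most users never have this file.
if (Test-Path $otmPath) {
    $otm = Get-Item $otmPath
    $findings += ('VbaProject.OTM present ({0} bytes, modified {1:u}).' -f $otm.Length, $otm.LastWriteTime)
}

# 4. Every DLL under the OneDrive directory should carry a valid Microsoft signature;
#    anything else is a side-loading candidate worth a closer look.
if (Test-Path $oneDriveDir) {
    foreach ($dll in Get-ChildItem -Path $oneDriveDir -Recurse -Filter '*.dll' -ErrorAction SilentlyContinue) {
        $sig = Get-AuthenticodeSignature -FilePath $dll.FullName
        if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notmatch 'Microsoft') {
            $findings += "Unsigned or non-Microsoft DLL in OneDrive directory: $($dll.FullName)"
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No Outlook macro or OneDrive side-loading findings for this user.'
} else {
    $findings | ForEach-Object { Write-Output "FINDING: $_" }
}
```

Run it in the context of the user being examined, since the settings and file paths are per-user; a finding is a lead for triage, not proof of compromise on its own.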