Fancy Bear, a threat group linked to the Russian state, is abusing mouse movements over malicious Microsoft PowerPoint documents to install malware on company systems. The group, also known as APT28, Pawn Storm or Tsar Team, mainly targets entities and individuals working in the defense sector and in the governments of European countries.
The attackers use as a lure a template themed on the Organisation for Economic Co-operation and Development (OECD). No macro has to be enabled: to trigger the malicious code, the victim only needs to open the file in presentation (slideshow) mode and move the mouse over the document, which fires a mouse-over action embedded in the slide.
Nunsys, a company specializing in comprehensive technology solutions with expertise in cybersecurity, has analyzed the threat to find out in detail how it behaves on the infected machine. In a press release, the firm clarified that the Trojan is a variant of Graphite, which uses the Microsoft Graph API and OneDrive for its command-and-control communications and for retrieving the information it collects, so that its traffic blends in with legitimate Microsoft 365 activity.
Tips to prevent these types of attacks
Rafael Vidal Iniesta, cybersecurity and IT governance business manager at Nunsys, explains that the purpose of these attacks is to reach government and defense entities, but warns that "it is not advisable to neglect surveillance in the rest of the industries, especially given the widespread use of PowerPoint as an office tool in all kinds of businesses."
Companies are advised to deploy endpoint detection and response (EDR) tooling, which monitors what happens on the workstation itself (process launches, file changes and the connections each process opens) rather than only the traffic between devices and the network, and can therefore catch the process that the mouse-over action spawns. Nunsys also recommends prohibiting macros in office documents that come from untrusted, external sources such as email attachments. Note that the lure described here runs without any macro, so macro blocking, while still worthwhile, does not by itself cover this technique.
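The trigger described above, and the point that it involves no macro, can be checked directly in the document file. The following Python script is an added example, not code from the article or from Nunsys. It assumes the standard OOXML layout of a .pptx package (a zip archive containing ppt/slides/slideN.xml and ppt/slides/_rels/slideN.xml.rels), looks for hyperlink actions of type ppaction://program attached to a mouse-over or click, resolves the external command each one points to through the slide's relationship file, and reports whether the deck contains a VBA project at all. The deck it scans is constructed inline with a harmless placeholder command, so the script runs offline.

```python
"""Check a .pptx for mouse-over or click actions that launch a program.

Added example, not code from the article or from Nunsys. It relies on the
OOXML layout of a PowerPoint package: slide XML lives under ppt/slides/,
its hyperlink relationships under ppt/slides/_rels/, and an action such as
<a:hlinkMouseOver action="ppaction://program" r:id="..."/> points, via that
relationship, at the external command to run. The sample deck is constructed
inline and carries only a harmless placeholder command.
"""
import io
import re
import zipfile
import xml.etree.ElementTree as ET

NS = {
    "a": "http://schemas.openxmlformats.org/drawingml/2006/main",
    "r": "http://schemas.openxmlformats.org/officeDocument/2006/relationships",
    "p": "http://schemas.openxmlformats.org/presentationml/2006/main",
    "rel": "http://schemas.openxmlformats.org/package/2006/relationships",
}
# Hyperlink actions that start an external program. Navigation actions such as
# ppaction://hlinksldjump (jump to another slide) are ordinary and not flagged.
PROGRAM_ACTIONS = ("ppaction://program",)


def scan_pptx(data: bytes) -> dict:
    """Return {"has_vba": bool, "actions": [...]} for a .pptx given as bytes."""
    findings = {"has_vba": False, "actions": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        # A macro-enabled deck (.pptm) ships a VBA project; the lure needs none.
        findings["has_vba"] = any(n.lower().endswith("vbaproject.bin") for n in names)
        for name in names:
            m = re.fullmatch(r"ppt/slides/(slide\d+)\.xml", name)
            if not m:
                continue
            slide = m.group(1)
            # Map relationship ids to their targets (the command line, for a program action).
            rels = {}
            rels_name = f"ppt/slides/_rels/{slide}.xml.rels"
            if rels_name in names:
                for rel in ET.fromstring(zf.read(rels_name)).findall("rel:Relationship", NS):
                    rels[rel.get("Id")] = rel.get("Target", "")
            root = ET.fromstring(zf.read(name))
            for trigger in ("hlinkMouseOver", "hlinkClick"):
                for el in root.iter(f"{{{NS['a']}}}{trigger}"):
                    action = el.get("action", "")
                    if action.startswith(PROGRAM_ACTIONS):
                        findings["actions"].append({
                            "slide": slide,
                            "trigger": trigger,
                            "action": action,
                            "target": rels.get(el.get(f"{{{NS['r']}}}id"), ""),
                        })
    return findings


def build_sample_pptx(program_target=None) -> bytes:
    """Constructed minimal deck: one slide holding one picture.

    With program_target set, the picture carries a mouse-over action that runs
    that command (the pattern the lure uses). Without it, the picture carries an
    ordinary web hyperlink, the benign case.
    """
    if program_target is not None:
        hlink = '<a:hlinkMouseOver r:id="rId2" action="ppaction://program"/>'
        target = program_target
    else:
        hlink = '<a:hlinkClick r:id="rId2"/>'
        target = "https://example.org/"
    slide_xml = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        f'<p:sld xmlns:p="{NS["p"]}" xmlns:a="{NS["a"]}" xmlns:r="{NS["r"]}">'
        '<p:cSld><p:spTree><p:pic><p:nvPicPr>'
        f'<p:cNvPr id="2" name="Picture 1">{hlink}</p:cNvPr>'
        '</p:nvPicPr></p:pic></p:spTree></p:cSld></p:sld>'
    )
    rels_xml = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        f'<Relationships xmlns="{NS["rel"]}">'
        '<Relationship Id="rId2" '
        f'Type="{NS["r"]}/hyperlink" Target="{target}" TargetMode="External"/>'
        '</Relationships>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("ppt/slides/slide1.xml", slide_xml)
        zf.writestr("ppt/slides/_rels/slide1.xml.rels", rels_xml)
    return buf.getvalue()


if __name__ == "__main__":
    # Placeholder command; a real lure points this at a script interpreter.
    print(scan_pptx(build_sample_pptx("cmd.exe /c echo hover-demo")))
    print(scan_pptx(build_sample_pptx()))
```

The first call reports one hlinkMouseOver action on slide1 whose target is the placeholder command and has_vba false, which is exactly the combination a macro-blocking policy never sees; the benign deck yields no actions. The check only walks ppt/slides/, so an action placed in a slide layout or master under ppt/slideLayouts/ or ppt/slideMasters/ would be missed; extending the path pattern to those folders is the obvious next step before using it as a mail-gateway or EDR enrichment rule.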
It is also key to have tools for centralized management and deployment of operating-system security patches, so that workers are always running up-to-date software. Likewise, it is advisable to keep backups, stored offline or otherwise isolated from the workstations, in case of ransomware.
Nunsys also advises deploying perimeter security devices such as firewalls, with the aim of filtering the connections established to and from computers and other business devices. Bear in mind that this Graphite variant talks to Microsoft Graph and OneDrive endpoints that legitimate Microsoft 365 use also requires, so perimeter filtering alone will not isolate its command-and-control traffic; endpoint telemetry is what tells the two apart.