Fancy Bear Strikes Again: Russian Hackers Exploit Mouse Moves in PowerPoint to Spread Malware
Fancy Bear, aka APT28, is back, exploiting mouse movements in PowerPoint to spread Graphite malware. This Russian state-sponsored group is linked to the GRU, the same folks blamed for hacking MH17 investigators in 2016. Now, they’re targeting government and defense sectors in Europe with their latest…

Hot Take:
Looks like Fancy Bear is back from hibernation with a new trick up its sleeve! Now, your mouse can be a double agent—time to upgrade from cat videos to cybersecurity tutorials, folks!
Key Points:
- Fancy Bear is employing a new attack method using mouse movements in MS PowerPoint files.
- The campaign involves a malicious PowerShell script executed via mouse hover in presentation mode.
- The initial payload is a harmless-looking image file that drops additional Graphite malware.
- The attack targets government and defense sectors in Europe, especially Eastern Europe.
- Fancy Bear uses Microsoft Graph API and OneDrive for C2 communications and payload retrieval.
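
For defenders, the hover trigger described in the key points can be checked statically: PowerPoint stores a mouse-over action as an `a:hlinkMouseOver` element in the slide XML, with its target in the slide's relationships part. The scanner below is an added example, not code from the original article; its function names are hypothetical, and the sample package and `PLACEHOLDER-TARGET` value are constructed.

```python
import io, posixpath, re, zipfile
import xml.etree.ElementTree as ET  # for untrusted files at scale, consider defusedxml

A = "{http://schemas.openxmlformats.org/drawingml/2006/main}"
R = "{http://schemas.openxmlformats.org/officeDocument/2006/relationships}"
REL = "{http://schemas.openxmlformats.org/package/2006/relationships}"
SLIDE_RE = re.compile(r"^ppt/slides/slide\d+\.xml$")

def load_rels(zf, slide_path):
    """Map relationship id -> (target, target mode) for one slide part."""
    folder, name = posixpath.split(slide_path)
    rels_path = f"{folder}/_rels/{name}.rels"
    if rels_path not in zf.namelist():
        return {}
    root = ET.fromstring(zf.read(rels_path))
    return {r.get("Id"): (r.get("Target"), r.get("TargetMode", "Internal"))
            for r in root.iter(REL + "Relationship")}

def find_hover_actions(pptx_bytes):
    """Return one finding per mouse-over action found in any slide."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(pptx_bytes)) as zf:
        for part in sorted(n for n in zf.namelist() if SLIDE_RE.match(n)):
            rels = load_rels(zf, part)
            for el in ET.fromstring(zf.read(part)).iter(A + "hlinkMouseOver"):
                target, mode = rels.get(el.get(R + "id"), (None, None))
                findings.append({"slide": part, "action": el.get("action", ""),
                                 "target": target, "external": mode == "External"})
    return findings

def build_sample():
    """Constructed package (not a real sample): slide1 has a hover action, slide2 none."""
    ns = ('xmlns:p="http://schemas.openxmlformats.org/presentationml/2006/main" '
          f'xmlns:a="{A[1:-1]}" xmlns:r="{R[1:-1]}"')
    hover = '<a:hlinkMouseOver r:id="rId2" action="ppaction://program"/>'
    rels = (f'<Relationships xmlns="{REL[1:-1]}"><Relationship Id="rId2" '
            'Type="placeholder" Target="PLACEHOLDER-TARGET" TargetMode="External"/>'
            '</Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("ppt/slides/slide1.xml",
                    f'<p:sld {ns}><p:cNvPr id="2" name="s">{hover}</p:cNvPr></p:sld>')
        zf.writestr("ppt/slides/_rels/slide1.xml.rels", rels)
        zf.writestr("ppt/slides/slide2.xml", f'<p:sld {ns}><p:cNvPr id="2" name="s"/></p:sld>')
    return buf.getvalue()

if __name__ == "__main__":
    for finding in find_hover_actions(build_sample()):
        print(finding)
```

A finding with `external` set, or with a program-style `action`, is worth triage; ordinary decks rarely attach hover actions that leave the presentation.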
