Fancy Bear Strikes Again: Russian Hackers Exploit Mouse Moves in PowerPoint to Spread Malware

Fancy Bear, aka APT28, is back, exploiting mouse movements in PowerPoint to spread Graphite malware. This Russian state-sponsored group is linked with GRU, the same folks blamed for hacking MH17 investigators in 2016. Now, they’re targeting government and defense sectors in Europe with their latest PowerShell trickery.

3P
Published: June 23, 2024 10:18 amAdded: June 23, 2024 at 3:26 amAssembled by: The Editor
Pro Dashboard

Hot Take:

Looks like Fancy Bear is back from hibernation with a new trick up its sleeve! Now, your mouse can be a double agent—time to upgrade from cat videos to cybersecurity tutorials, folks!

Key Points:

  • Fancy Bear is employing a new attack method using mouse movements in MS PowerPoint files.
  • The campaign involves a malicious PowerShell script executed via mouse hover in presentation mode.
  • The initial payload is a harmless-looking image file that drops additional Graphite malware.
  • The attack targets government and defense sectors, especially in Eastern Europe and Europe.
  • Fancy Bear uses Microsoft Graph API and OneDrive for C2 communications and payload retrieval.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?