All news with #microsoft outlook tag

APT28 Deploys NotDoor: Outlook VBA Backdoor in NATO

🔒 NotDoor is a newly reported Outlook VBA backdoor attributed to the Russian state-sponsored actor APT28 that monitors incoming mail for a trigger phrase and enables data exfiltration, file drops, and remote command execution. S2 Grupo's LAB52 describes deployment via DLL side-loading of onedrive.exe, which loads a malicious SSPICLI.dll, disables macro protections, and runs Base64-encoded PowerShell to establish persistence. The implant watches for a trigger such as "Daily Report" and supports four commands — cmd, cmdno, dwn and upl — sending stolen files via Proton Mail.