All news with #vba macros tag

UDPGangster Backdoor Campaigns Target Turkey, Israel

🔒FortiGuard Labs reports multiple campaigns deploying the UDPGangster UDP-based backdoor, attributed to the MuddyWater espionage group. Attackers used macro-embedded Microsoft Word documents delivered via phishing, impersonating official Turkish emails and targeting users in Turkey, Israel, and Azerbaijan. The malware implements persistence, extensive anti-analysis checks, and UDP C2 communications to exfiltrate data and execute remote commands. Fortinet detections and protections are available to mitigate these threats.

APT28 Deploys NotDoor: Outlook VBA Backdoor in NATO

🔒 NotDoor is a newly reported Outlook VBA backdoor attributed to the Russian state-sponsored actor APT28 that monitors incoming mail for a trigger phrase and enables data exfiltration, file drops, and remote command execution. S2 Grupo's LAB52 describes deployment via DLL side-loading of onedrive.exe, which loads a malicious SSPICLI.dll, disables macro protections, and runs Base64-encoded PowerShell to establish persistence. The implant watches for a trigger such as "Daily Report" and supports four commands — cmd, cmdno, dwn and upl — sending stolen files via Proton Mail.