January 28,2016
Attackers have begun using rigged Microsoft Word documents propagated via spearphishing emails to spread the BlackEnergy Trojan.
Researchers with Kaspersky Lab’s Global Research and Analysis Team discovered a malicious Word document last week that appears to stem from a campaign against one of the malware’s favorite targets, Ukraine.
Russian-speaking actors with the BlackEnergy APT group have been using rigged Excel files and Powerpoint files as an attack vector for the malware since mid-2015 but this is the first time the group has been using Word documents, GReAT Director Costin Raiu claims.