Security team finds Crimea manifesto buried in VBA Rat using double attack vectors


Hossein Jazi and Malwarebytes’ Threat Intelligence team released a report on Thursday highlighting a new threat actor potentially targeting Russian and pro-Russian individuals.

The attackers included a manifesto about Crimea, indicating the attack may have been politically motivated. The attacks feature a suspicious document named “Manifest.docx” that uniquely downloads and executes double attack vectors: remote template injection and CVE-2021-26411, an Internet Explorer exploit.

“Both techniques have been loaded by malicious documents using the template injection technique. The first template contains a url to download a remote template that has an embedded full-featured VBA Rat. This Rat has several different capabilities including downloading, uploading and executing files,” Jazi said.

Read more…
Source: ZDNet