FancyBear Exploits NYC Terrorism Fears In Latest Spear Phishing Campaign
released on 2017-11-28 @ 04:19:11 PM
APT28 (also known as FancyBear, Sofacy, Sednit, and Pawn Storm), the Russian-speaking actors allegedly tied to the Kremlin, have launched another campaign. The latest, thought to have started in late October, utilises the recently discovered DDE exploit in Microsoft Office applications to download the Seduploader reconnaissance tool onto target machines in two stages.
The seemingly blank documents, named “IsisAttackInNewYork.docx” and “SabreGaurdian.docx”, reference current events — the recent attack in Manhattan claimed by ISIS, and the ongoing US military operation in Eastern Europe.
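
For defenders triaging attachments like these, the sketch below is an added example (not code from the original report or from any vendor tool) that checks a .docx for DDE/DDEAUTO field instructions, including ones split across several runs. It assumes the conventional `w:` namespace prefix; the function names and the sample documents are constructed for illustration.

```python
import html
import io
import re
import zipfile

# Word parts that can hold field codes (body, headers, footers, notes).
PART_RE = re.compile(r"^word/(document|header\d*|footer\d*|footnotes|endnotes)\.xml$")
PARA_RE = re.compile(r"<w:p[ >].*?</w:p>", re.S)
# Complex field: instruction text lives in <w:instrText> runs.
INSTR_RE = re.compile(r"<w:instrText[^>]*>(.*?)</w:instrText>", re.S)
# Simple field: instruction is the w:instr attribute of <w:fldSimple>.
SIMPLE_RE = re.compile(r'<w:fldSimple[^>]*\bw:instr="([^"]*)"')
DDE_RE = re.compile(r"\bDDE(AUTO)?\b", re.I)


def find_dde_fields(docx_bytes):
    """Return [(part_name, instruction)] for each DDE/DDEAUTO field found."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():
            if not PART_RE.match(name):
                continue
            xml = zf.read(name).decode("utf-8", errors="replace")
            for para in PARA_RE.findall(xml):
                # Word may split one instruction across several runs, so
                # join the pieces per paragraph before matching the keyword.
                candidates = ["".join(INSTR_RE.findall(para))]
                candidates += SIMPLE_RE.findall(para)
                for raw in candidates:
                    instr = html.unescape(raw).strip()
                    if DDE_RE.search(instr):
                        hits.append((name, instr))
    return hits


def make_sample(body_xml):
    """Constructed input: a zip holding only word/document.xml."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:document><w:body>%s</w:body></w:document>" % body_xml)
    return buf.getvalue()


# Constructed samples with placeholder arguments; no text run, so the page looks blank.
SAMPLE_SPLIT = make_sample(
    '<w:p><w:r><w:fldChar w:fldCharType="begin"/></w:r>'
    '<w:r><w:instrText xml:space="preserve"> DDE</w:instrText></w:r>'
    '<w:r><w:instrText>AUTO &quot;example-app&quot; &quot;example-topic&quot;</w:instrText></w:r>'
    '<w:r><w:fldChar w:fldCharType="end"/></w:r></w:p>')
SAMPLE_CLEAN = make_sample("<w:p><w:r><w:t>Quarterly report</w:t></w:r></w:p>")
```

A hit is a triage signal rather than a verdict: the keyword match is deliberately loose, so review the returned instruction text before acting on it.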