Operation ‘Kremlin’: Potential Campaign Targeting RU Gov.
released on 2021-01-07 @ 05:16:53 PM
"ClearSky researchers identified a malicious “.docx” file that was uploaded to VirusTotal from Russia in mid-December. The file contains an obfuscated URL to a remote template which contains malicious VBA, eventually leading to the execution of VBS on the infected machine. The attack’s purpose is to stealthily exfiltrate information without running any external executables on the system."