Fancy Bear Microsoft Word attacks infect PCs sans macros

by Dan Goodin
Nov. 12, 2017 0 comments arstechnica.com Detection & Response fancybear

Fancy Bear, the advanced hacking group researchers say is tied to the Russian government, is actively exploiting a newly revived technique that gives attackers a stealthy means of infecting computers using Microsoft Office documents, security researchers said this week. Fancy Bear is one of two Russian-sponsored hacking outfits researchers say breached Democratic National Committee networks ahead of last year's presidential election. The group was recently caught sending a Word document that abuses a feature known as Dynamic Data Exchange. DDE allows a file to execute code stored in another file and allows applications to send updates as new data becomes available.

https://arstechnica.com/information-technology/2017/11/russia-linked-fancy-bear-attacks-abuse-mac...