Edward Kiledjian's Threat Intel

Russian APT28 Deploys “NotDoor” Outlook Backdoor Against Companies in NATO Countries

Russian APT28 is deploying a new Outlook backdoor, tracked as NotDoor, against companies in NATO countries. Delivered via OneDrive, the backdoor is implemented as Outlook VBA macros that watch incoming email for a trigger word; a matching message lets the operators exfiltrate data, upload files and execute commands. To evade detection it combines code obfuscation with DLL side-loading and abuse of legitimate cloud services.
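One way to turn the behaviour described above into a triage check is to scan exported Outlook VBA modules for the three things the trigger-word pattern needs together: a handler for incoming-mail events, a string comparison against message content, and a primitive that runs commands or writes files. The scanner below is an added example, not code from the original page or from any vendor report; the two VBA snippets it scans are constructed for illustration and neither is the NotDoor macro.

```python
"""Heuristic triage of Outlook VBA source for the trigger-word backdoor pattern.

Added example (not from the original page or any vendor report). A module is
scored suspicious only when three indicators co-occur: an incoming-mail event
handler, a string compare on message content, and a command/file primitive.
"""
import re
from dataclasses import dataclass, field
from typing import List

# Outlook object-model events that fire for new mail (real event names).
MAIL_EVENT = re.compile(r"\b(Application_NewMailEx|Application_NewMail|\w+_ItemAdd)\b", re.I)
# Message content read on the same line as an InStr() comparison with a literal.
CONTENT_READ = re.compile(r"\.(Body|HTMLBody|Subject)\b", re.I)
INSTR_CALL = re.compile(r"\bInStr\s*\(", re.I)
STRING_LITERAL = re.compile(r'"[^"]{2,}"')
# Capabilities a backdoor needs: spawn processes, drop or stage files, send mail.
PRIMITIVE = re.compile(
    r'(?:CreateObject\s*\(\s*"WScript\.Shell"|\bShell\b|\bSaveAsFile\b'
    r"|Attachments\.Add\b|\.Send\b|\bKill\b)",
    re.I,
)


@dataclass
class ScanResult:
    mail_events: List[str] = field(default_factory=list)
    keyword_check_lines: List[int] = field(default_factory=list)
    primitives: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        # All three must be present; any one alone is common in benign macros.
        return bool(self.mail_events and self.keyword_check_lines and self.primitives)


def scan_vba(source: str) -> ScanResult:
    """Scan VBA source text line by line and collect the three indicator classes."""
    result = ScanResult()
    for lineno, line in enumerate(source.splitlines(), start=1):
        code = line.split("'", 1)[0]  # drop VBA comments (naive: ignores ' inside strings)
        m = MAIL_EVENT.search(code)
        if m and re.search(r"\bSub\b", code, re.I):
            result.mail_events.append(m.group(1))
        if INSTR_CALL.search(code) and CONTENT_READ.search(code) and STRING_LITERAL.search(code):
            result.keyword_check_lines.append(lineno)
        result.primitives.extend(PRIMITIVE.findall(code))
    result.primitives = list(dict.fromkeys(result.primitives))  # dedupe, keep order
    return result


# Constructed sample with the trigger-word shape; the action body is a placeholder.
SUSPICIOUS_SAMPLE = """
Private Sub Application_NewMailEx(ByVal EntryIDCollection As String)
    Dim itm As Object
    Set itm = Application.Session.GetItemFromID(EntryIDCollection)
    If InStr(1, itm.Body, "Daily Report", vbTextCompare) > 0 Then
        Call HandleTask(itm)
    End If
End Sub

Private Sub HandleTask(itm As Object)
    ' placeholder body: a real backdoor would run commands and stage files here
    Dim sh As Object
    Set sh = CreateObject("WScript.Shell")
    itm.Attachments.Item(1).SaveAsFile Environ("TEMP") & "\\stage.bin"
End Sub
"""

# Constructed benign macro: same event and keyword test, but it only tags mail.
BENIGN_SAMPLE = """
Private Sub Application_NewMailEx(ByVal EntryIDCollection As String)
    Dim itm As Object
    Set itm = Application.Session.GetItemFromID(EntryIDCollection)
    If InStr(1, itm.Subject, "[Invoice]", vbTextCompare) > 0 Then
        itm.Categories = "Finance"
        itm.Save
    End If
End Sub
"""


def main() -> None:
    for name, src in (("suspicious", SUSPICIOUS_SAMPLE), ("benign", BENIGN_SAMPLE)):
        r = scan_vba(src)
        print(f"{name}: suspicious={r.suspicious} events={r.mail_events} "
              f"keyword_lines={r.keyword_check_lines} primitives={r.primitives}")


if __name__ == "__main__":
    main()
```

Requiring all three indicators keeps the false-positive rate low: mail-rule macros that only categorise or move messages trip the event and keyword checks but have no command or file primitive, so they score benign. The line-oriented matching is deliberately simple; obfuscated macros that split strings or build object names at runtime need a second pass that deobfuscates first.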