Russia’s APT28 Targets Microsoft Outlook With ‘NotDoor’ Malware www.darkreading.com/endpoint-…

APT28, the state-sponsored threat group tied to Russian intelligence, is weaponizing Microsoft Outlook through a new backdoor researchers call “NotDoor.”

The backdoor malware was first identified by researchers from Lab52, the threat intelligence arm of Spanish cybersecurity firm S2 Grupo. In a blog post Wednesday, Lab52 explained how NotDoor allows threat actors to abuse Outlook as a covert communication, data exfiltration, and malware delivery channel.

“The artifact, dubbed NotDoor due to the use of the word ‘nothing’ within the code, is a VBA macro for Outlook designed to monitor incoming emails for a specific trigger word,” the blog post stated. “When such an email is detected, it enables an attacker to exfiltrate data, upload files, and execute commands on the victim’s computer.”

Edward Kiledjian @ekiledjian
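As an added example (not code from the Dark Reading article, Lab52, or NotDoor itself), the following Python script triages exported Outlook VBA source for the combination the post describes: an incoming-mail hook that inspects message content for a trigger, together with command-execution or exfiltration primitives. The two VBA modules are constructed fixtures with placeholder strings, and the indicator patterns are generic Outlook/VBA identifiers chosen for illustration, not signatures taken from the actual malware.

```python
"""Heuristic triage of an Outlook VBA module for a mail-triggered backdoor
pattern: an Inbox event hook that checks mail content, plus command execution
or data exfiltration. Indicators are generic Outlook/VBA names, not NotDoor's."""
import re

# A module is flagged only when it hooks incoming mail AND carries an
# execution or exfiltration primitive; a hook alone is common in benign code.
CATEGORIES = {
    "mail_hook": [r"\bWithEvents\b", r"_ItemAdd\b", r"\bApplication_Startup\b", r"\bNewMailEx\b"],
    "trigger_check": [r"\bInStr\b.*\.(Subject|Body)\b", r"\.(Subject|Body)\b.*\bLike\b"],
    "execution": [r"\bShell\b", r"\bCreateObject\b", r"\bEnviron\b"],
    "exfil": [r"\.Attachments\.Add\b", r"\.SaveAsFile\b", r"\.Send\b", r"\bOpen\b.*\bFor\s+(Output|Binary)\b"],
}

def scan_vba(source: str) -> dict:  # returns {'suspicious': bool, 'hits': {category: [(lineno, line)]}}
    hits = {label: [] for label in CATEGORIES}
    for lineno, line in enumerate(source.splitlines(), 1):
        if line.lstrip().startswith("'"):      # skip VBA comment lines
            continue
        for label, patterns in CATEGORIES.items():
            if any(re.search(p, line, re.IGNORECASE) for p in patterns):  # VBA is case-insensitive
                hits[label].append((lineno, line.strip()))
    suspicious = bool(hits["mail_hook"]) and bool(hits["execution"] or hits["exfil"])
    return {"suspicious": suspicious, "hits": hits}

# Constructed fixture: shape of a mail-triggered macro, bodies stubbed, placeholders only.
SUSPICIOUS_MODULE = """\
Private WithEvents inboxItems As Outlook.Items
Private Sub Application_Startup()
    Set inboxItems = Session.GetDefaultFolder(olFolderInbox).Items
End Sub
Private Sub inboxItems_ItemAdd(ByVal Item As Object)
    If InStr(1, Item.Body, "<trigger placeholder>") > 0 Then
        Set sh = CreateObject("WScript.Shell")
        reply.Attachments.Add "<path placeholder>"
    End If
End Sub
"""

# Constructed fixture: benign inbox automation that only categorises mail (same hook, no primitives).
BENIGN_MODULE = """\
Private WithEvents inboxItems As Outlook.Items
Private Sub Application_Startup()
    Set inboxItems = Session.GetDefaultFolder(olFolderInbox).Items
End Sub
Private Sub inboxItems_ItemAdd(ByVal Item As Object)
    If InStr(1, Item.Subject, "[Invoice]") > 0 Then Item.Categories = "Finance"
End Sub
"""
```

Run `scan_vba` over VBA source exported from a user's Outlook macro project (stored in VbaProject.OTM under the Outlook profile directory); treat a flag as a triage lead for manual review, since legitimate automation can also call `CreateObject`.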