A malicious group known as the “Inception attackers” has been using a year-old Office exploit and a new backdoor in recent attacks, Palo Alto Networks security researchers warn. Active since at least 2014, the group has used custom malware and against targets spanning various industries worldwide, with a special interest in Russia.
In October 2018, the threat actor was observed hitting various European targets in attacks employing an exploit for a vulnerability (CVE-2017-11882) that Microsoft patched in November 2017. Furthermore, the hackers were using a new PowerShell backdoor dubbed POWERSHOWER, which revealed high attention to detail in terms of cleaning up after infection.
Read more about the Inception attackers on SecurityWeek.