Fancy Bear Uses Nuke Threat Lure to Exploit 1-Click Bug
Russian-linked persistent threat group Fancy Bear has been identified as the actor behind a recent phishing campaign that uses the threat of nuclear war as a lure to entice targets into clicking a link that exploits a one-click Microsoft flaw. The ultimate goal is to steal credentials from the Chrome, Edge, and Firefox browsers. The attacks are tied to the war between Russia and Ukraine, according to Malwarebytes. In this latest campaign, the Fancy Bear group is pushing malicious documents that carry an exploit for Follina, the name given to the aforementioned flaw.
Malwarebytes first observed the campaign and the weaponized document on June 20. Security researchers stated that the document downloads and executes an information stealer first reported by Google. They also say that the campaign is largely aimed at Ukrainian users. Capitalizing on the current state of affairs, the message subjects warn of nuclear war and devastation. The fear and urgency this creates trick users into clicking on malicious links without thinking.