Russia’s APT28 uses fear of nuclear war to spread Follina docs in Ukraine

Threat actors associated with Russian intelligence are using the fear or nuclear war to spread data-stealing malware in Ukraine. In a recent campaign, APT28, an advanced persistent threat actor linked with Russian intelligence, set its sights on Ukraine, targeting users with malware that steals credentials stored in browsers. Follina is a recently-discovered zero-day exploit that uses the ms-msdt protocol to load malicious code from Word documents when they are opened. The content of the document is an article from the Atlantic Council called “Will Putin use nuclear weapons in Ukraine? The new variant uses the same method but a different domain, www.specialityllc[.]com.
Read more about it: here