Technology

What is the Russian Powerpoint Cyber ​​Scam and How Can You Avoid It?

Fancy Bears, Russian state-linked attackers, are taking advantage of mouse movements in fraudulent Microsoft PowerPoint documents to install malware on companies. A group of hackers, also known as APT28, pawn storms or Tsar teams, their main targets are entities or individuals who work in the defense sectors and governments of European countries.

Cybercriminals have been found using templates linked to the Organization for Economic Co-operation and Development (OECD) as a lure. To activate the virus on devices, users need to start Presentation Mode and Mouse Move About document.



Nunsys, a company specializing in comprehensive technical solutions and an expert in cyber security, has evaluated this threat to find out how it acts on computers. In a press release, the firm clarified that the Trojan is a type of leadWhich uses Microsoft Graph API for command and control communication and OneDrive to receive information.

Tips to prevent these types of attacks

Rafael Vidal Iniesta, government business manager for cyber security and IT at Nunsys, explains that cyber attacks are aimed at reaching government and defense entities, however, he cautions that “It is not fair to ignore monitoring in the rest of the industry.Especially given the widespread use of PowerPoint as an office tool across all types of businesses.”

It is recommended that companies have tools for endpoint detection and response (EDR), which monitors traffic between devices and the network to protect the workstation. They also elaborate that the use of macros in Office documents that come from untrusted and external sources, such as email, should be prohibited.


Apps that stole social network credentials were found in the Play Store and App Store.

Also, it is important to have the toolsCentralized management and deployment of security patches operating system, to ensure that workers are using the latest version. On the other hand, it is convenient to make backup copies for potential cases of ransomware.

Nunsys recommends deploying security tools perimeter security As a firewall, for the purpose of filtering established connections from computers and other devices for commercial use.

Sign up for our newsletter and receive the latest tech news in your email.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button