A threat actor has used sophisticated Word documents to deliver Flash exploits in attacks aimed at NATO governments, reported Cisco’s Talos security intelligence and research group.
According to researchers, attackers have used specially designed documents to perform reconnaissance on infected systems and avoid sandboxes. Talos has compared this reconnaissance framework to the Russian Matryoshka nesting doll due to its complex workflow.