A known one-click Microsoft vulnerability is being exploited by the advanced persistent threat group Fancy Bear through a phishing campaign that invokes nuclear war.
The goal is to spread malware that can access the Chrome, Firefox, and Edge browsers and steal login information. Researchers at Malwarebytes Threat Intelligence believe that the attacks by the Russia-linked APT are related to the conflict between Russia and Ukraine.
In a blog post this week, they claim that Fancy Bear is disseminating malicious documents weaponized with an exploit for Follina (CVE-2022-30190), a well-known one-click vulnerability in Microsoft software. The APT uses a malicious document and a known Microsoft vulnerability to load malware and steal login information from Chrome, Firefox, and Edge browsers.