APT28 Group DDE attacks with Seduploader

McAfee Advanced Threat Research analysts have spotted new malicious techniques used by the APT28 threat group.

The attack starts with a malicious document that leverages the Microsoft Office Dynamic Data Exchange (DDE) feature together with PowerShell, allowing an attacker to execute arbitrary code on a victim’s system.

According to the McAfee report, APT28 has adopted a new theme that capitalizes on the recent terrorist attack in New York City.

Once the victim opens the attachment, the document reaches out to a control server, which is then used to drop the Seduploader malware and infect the system.