The doc attachment contacts a link, exploiting the Equation Editor vulnerability, and downloads an exe: the malware. Data is then exfiltrated via SMTP to an email address.
Russia declares war on VPNs. Moscow wants to prevent users, especially young people, from accessing sites and social networks by bypassing censorship. Objective: to reduce the risk of protests over Ukraine.
The Moscow government is blocking VPNs in Russia to prevent the population from bypassing the strict censorship imposed on the web and social networks following the invasion of Ukraine. In particular, the target is young people, who use this type of service the most and who are the most inclined towards protests against the executive, both because they feel the burden of deprivation imposed by international sanctions more than the elderly and because they fear being recalled in the context of partial mobilization. In addition, they could provide valuable information to volunteer groups, such as Anonymous with its #OpRussia or the IT Army of Ukraine, to launch new waves of cyber warfare attacks across the nation. Consequently, the only VPNs and social networks that will be able to continue operating in the country will be those that respect the restrictions set by the regime: the "controlled" ones, which will not allow users to access sites and social networks blocked by censorship.