The doc attachment contacts a link, exploiting the Equation Editor vulnerability, and downloads an exe: the malware. Data is then exfiltrated via SMTP to an email address.
The U.S. offers up to $10 million for information to counter meddling in the November election, especially by foreign governments
The U.S. Government offers a reward of up to $10 million for information leading to the identification or location of any cyber actor who, while acting at the direction of or under the control of a foreign government, interferes with any United States federal, state, or local election. The reward was announced by the Rewards for Justice (RFJ) program. According to a release, “certain malicious cyber operations targeting election or campaign infrastructure can implicate the Computer Fraud and Abuse Act, 18 U.S.C. § 1030, which criminalizes unauthorized computer intrusions and other forms of fraud related to computers”. Furthermore, “the ability of persons, as well as foreign powers, to interfere in or undermine public confidence in United States elections, including through the unauthorized accessing of election and campaign infrastructure, constitutes an unusual and extraordinary threat to the national security and foreign policy of the United States.”
Foreign malicious cyber operations could target the vote, the infrastructure, and political groups or campaigns. APTs have already attacked Trump and Biden staffers with phishing
The U.S. government is worried about the risk that “foreign adversaries could employ malicious cyber operations targeting election infrastructure, including voter registration databases and voting machines, to impair an election in the United States. Such adversaries could also conduct malicious cyber operations against U.S. political organizations or campaigns to steal confidential information and then leak that information as part of influence operations to undermine political organizations or candidates.” Recently, Google’s TAG cyber security researchers warned that APTs were already targeting campaign staffers for both Donald Trump and Joe Biden with phishing emails. The first was attacked by the Iranian APT35, aka Newscaster Team, and the second by the Chinese APT31 (aka ZIRCONIUM, JUDGMENT PANDA, and BRONZE VINEWOOD). Furthermore, the approach of the elections will certainly boost hostile cyber warfare and information warfare efforts.