Operation Gamaredon Covid-19
A campaign was discovered targeting the European region with spear-phishing emails using the coronavirus pandemic as a lure. After the malicious attachment was opened by the victim a document template was downloaded from the Internet which contained malicious macro code. A registry run key was created for persistence to make sure the malicious code ran each time the infected system started. Sensitive information was obfuscated and exfiltrated over commonly used ports to the attacker's command and control servers.