Operation Malaysia 2020
A targeted campaign against the Malaysian government sector was discovered using malicious Microsoft Word documents to infect users with a backdoor and exfiltrate sensitive information. The attachments used the Malaysian political crisis as a lure to convince victims to open them. Once opened, the document fetched a remote template, whose VBA code then ran and dropped base64-encoded DLLs to multiple locations on disk. Defense evasion and persistence relied on registry run keys, obfuscation, process injection, and scripting.
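The remote-template step is the one a defender can catch before any VBA runs: a .docx is a zip, and a template fetched on open appears as an `attachedTemplate` relationship with `TargetMode="External"` in `word/_rels/settings.xml.rels`. The script below is an added example, not code from the original report; it lists every external relationship in a document (hyperlinks are normal, a remote template is not) and builds a constructed minimal .docx to run against. The URL `http://attacker.invalid/lure.dotm` is a placeholder, not an indicator from the campaign.

```python
"""Triage a Word document for remote template injection (added example)."""
import io
import zipfile
import xml.etree.ElementTree as ET
from typing import List, Optional, Tuple

REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
REL_TYPE_PREFIX = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"
ATTACHED_TEMPLATE = REL_TYPE_PREFIX + "attachedTemplate"
HYPERLINK = REL_TYPE_PREFIX + "hyperlink"


def external_relationships(docx_bytes: bytes) -> List[Tuple[str, str, str]]:
    """Return (rels_part, relationship_type, target) for every relationship
    whose TargetMode is External, in any .rels part of the package.

    Benign documents normally only have hyperlinks here. A template that is
    fetched from a URL or UNC path on open shows up as an attachedTemplate
    entry in word/_rels/settings.xml.rels.
    """
    found = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(zf.read(name))
            for rel in root.iter("{%s}Relationship" % REL_NS):
                if rel.get("TargetMode", "Internal") != "External":
                    continue
                rel_type = rel.get("Type", "")
                if rel_type.startswith(REL_TYPE_PREFIX):
                    rel_type = rel_type[len(REL_TYPE_PREFIX):]
                found.append((name, rel_type, rel.get("Target", "")))
    return found


def find_remote_templates(docx_bytes: bytes) -> List[str]:
    """Targets Word will fetch as the document's template when it is opened."""
    return [
        target
        for part, rel_type, target in external_relationships(docx_bytes)
        if part == "word/_rels/settings.xml.rels" and rel_type == "attachedTemplate"
    ]


def build_sample_docx(template_target: Optional[str]) -> bytes:
    """Constructed minimal .docx for testing: only the parts the check reads.

    Every sample always carries one ordinary external hyperlink so the
    benign case is not simply 'no external relationships at all'.
    """
    document_rels = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Relationships xmlns="%s">'
        '<Relationship Id="rId1" Type="%s" Target="https://example.com/" TargetMode="External"/>'
        "</Relationships>" % (REL_NS, HYPERLINK)
    )
    settings_xml = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<w:settings xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main" '
        'xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships">'
        + ('<w:attachedTemplate r:id="rId1"/>' if template_target else "")
        + "</w:settings>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/_rels/document.xml.rels", document_rels)
        zf.writestr("word/settings.xml", settings_xml)
        if template_target:
            settings_rels = (
                '<?xml version="1.0" encoding="UTF-8"?>'
                '<Relationships xmlns="%s">'
                '<Relationship Id="rId1" Type="%s" Target="%s" TargetMode="External"/>'
                "</Relationships>" % (REL_NS, ATTACHED_TEMPLATE, template_target)
            )
            zf.writestr("word/_rels/settings.xml.rels", settings_rels)
    return buf.getvalue()


if __name__ == "__main__":
    # Placeholder URL, not an indicator from the campaign.
    for label, target in (("benign", None), ("lure", "http://attacker.invalid/lure.dotm")):
        sample = build_sample_docx(target)
        print(label, "remote templates:", find_remote_templates(sample))
        for part, rel_type, tgt in external_relationships(sample):
            print("   ", part, rel_type, tgt)
```

On a real mailbox or file share, run `find_remote_templates` over every .docx and .dotx attachment; any non-empty result is worth blocking, since the template URL is fetched before macros are ever prompted for. Note that Word also honours `attachedTemplate` in .docm and that the `.rels` part is what matters, not the file extension of the target, so an attacker can serve the template from a path that does not end in `.dotm`.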