
Medium
APT, Campaign, Malware
Persistence
EDR
Fancy Bear's NotDoor: Hijacking Outlook for NATO Espionage via OneDrive Side-Loading
The Russian-linked Fancy Bear (aka APT28) has unleashed NotDoor, a high-stakes espionage campaign targeting NATO member countries. By side-loading through the trusted OneDrive application, the attackers silently modify the Windows registry, disabling security alerts and forcing malicious macros to run automatically, which turns Outlook into a covert command-and-control (C2) channel.



