New APT28 Attack: What Does It Mean for Ordinary Users?

In the world of cybersecurity, there’s troubling news again. The Russian hacking group APT28 (also known as Fancy Bear) has launched a new campaign against companies in NATO countries. But what does this mean for ordinary users? Let’s break it down in simple terms.

What did the hackers come up with?

The hackers created malware called NotDoor. It’s not a virus in the usual sense — it hides inside Outlook (the email client).

The program stays dormant and waits for a specific email. As soon as a message with the “right” keyword in the subject line arrives, for example Daily Report, the malware activates and starts executing commands from the attackers.

How does it get onto a computer?

The trick here is quite sophisticated:

1. The malware disguises itself as a OneDrive file (Microsoft’s cloud service).

2. It uses a technique called DLL side-loading — a legitimate program is tricked into loading the malicious DLL as if it were one of its own library files, so the malware runs under the cover of a trusted process.

3. After launch, it disables macro protections in Office documents and opens access for the attackers.

What can it do?

Once activated, NotDoor can:

– Execute commands on your computer.
– Steal files and send them to the hackers.
– Download new files onto the victim’s computer.
– Operate silently, without showing any windows or alerts.

All stolen information is exfiltrated through encrypted channels — including Proton Mail (anonymous email), Telegram, and even Microsoft services.

Why is this dangerous?

The main problem is that this type of attack is almost invisible.
A person continues working at their computer, checking email, without realizing that their data is already being sent to hackers.

This is a threat not only to large companies and governments, but also to ordinary employees who receive such emails on their corporate accounts.

How can you protect yourself?

A few simple rules can significantly reduce the risk:

– Do not open attachments from unknown senders.
– Do not enable macros in Word or Excel documents if prompted.
– Keep Windows and Office up to date to close known vulnerabilities.
– Use antivirus software and enable scanning of suspicious files.
– If you work in a company, make sure administrators disable unnecessary features (such as macros from the internet).
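For administrators who want to check the last point, here is an added audit script (not part of the original article) that reads the Office and Outlook registry values behind the macro protections the article says NotDoor weakens and lists any that are in a relaxed state. It assumes Office version 16.0 (Office 2016/2019/Microsoft 365) and is run as the user whose settings are being checked.

```powershell
# Added example, not from the article: audit per-user Office macro hardening.
# Assumption: Office 16.0 registry layout; adjust $OfficeVersion for other builds.
function Test-OfficeMacroHardening {
    param([string]$OfficeVersion = '16.0')
    $findings = @()

    # Outlook VBA: Security\Level 1 = "Enable all macros" (weakest), 4 = disable all, no prompt.
    $ol    = "HKCU:\Software\Microsoft\Office\$OfficeVersion\Outlook"
    $level = (Get-ItemProperty -Path "$ol\Security" -ErrorAction SilentlyContinue).Level
    if ($level -eq 1) { $findings += 'Outlook macro security is set to "Enable all macros"' }

    # LoadMacroProviderOnBoot = 1 makes Outlook load its VBA project every time it starts.
    $boot = (Get-ItemProperty -Path $ol -ErrorAction SilentlyContinue).LoadMacroProviderOnBoot
    if ($boot -eq 1) { $findings += 'Outlook loads its VBA project at startup (LoadMacroProviderOnBoot=1)' }

    foreach ($app in 'Word', 'Excel', 'PowerPoint') {
        $userKey   = "HKCU:\Software\Microsoft\Office\$OfficeVersion\$app\Security"
        $policyKey = "HKCU:\Software\Policies\Microsoft\Office\$OfficeVersion\$app\Security"

        # VBAWarnings 1 = enable all macros; 2..4 are progressively stricter.
        $vba = (Get-ItemProperty -Path $userKey -ErrorAction SilentlyContinue).VBAWarnings
        if ($vba -eq 1) { $findings += "$app macro setting is 'Enable all macros'" }

        # "Block macros from running in Office files from the Internet" = 1 when enforced,
        # either by Group Policy (Policies hive) or in the user's own settings.
        $blocked = $false
        foreach ($key in $policyKey, $userKey) {
            $v = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).BlockContentExecutionFromInternet
            if ($v -eq 1) { $blocked = $true }
        }
        if (-not $blocked) {
            $findings += "$app has no explicit 'block macros from the Internet' setting"
        }
    }
    return $findings
}

# Usage: print each weakened setting, or confirm nothing was found.
$result = Test-OfficeMacroHardening
if ($result.Count -eq 0) { 'No weakened macro settings found.' } else { $result }
```

Any line the script prints is worth a closer look: the Outlook entries in particular should normally not be set at all on a workstation.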

Conclusion

The APT28 attack using NotDoor is another reminder that cyber threats are becoming increasingly sophisticated. Today, NATO companies are the primary targets, but tomorrow the same techniques may be used against ordinary users.

Stay alert: security starts with caution when handling emails and files.
