Russian hacking tool gets extra stealthy to target US, European computers

This malicious software will email your hacker from your computer without you ever knowing

November 20, 2018
https://www.cnet.com/news/new-russi...tra-stealthy-to-target-us-european-computers/
From the end of the c|net article... They could use a service like MailWasher and open the email while it's still on a Firetrust server, which would give the recipient an idea of what the email contained without it ever touching the user's machine.
You're right, same old ***** but people still fall for it... I remember the first lessons that my computer teacher told me: "Always keep macros disabled and never enable them unless you are really, really, really sure". And that was over two decades ago...
This attack had nothing to do with Word macro usage: I am assuming that as long as the .docx file was open in Protected Mode, the remote template download would be blocked. However, since templates are internally integrated into Word, I am not 100% sure this would be the case.
Also the following Reddit posting is a bit disturbing in that it appears remote template loading is indeed allowed in Protected Mode. So the main question is if a malicious remote template download could bypass Protected Mode? Entirely possible I believe on older MS Office versions that do not use AppContainer. https://superuser.com/questions/98983/word-documents-looking-for-template-on-network-drive
Ok, I got lazy and didn't read the Palo Alto article. Implied but not specifically stated in the article is that the macro execution in the downloaded remote template to execute the macro imbedded in the Word document will override Word macro block security settings. So I guess that needs to be checked out. I also checked out my MS Word default template settings and only templates from local directories are allowed. So I am assuming one has to receive some type of alert in Word to allow the remote template download?