A new #backdoor targets 🇫🇷 French entities with a unique attack chain.
Proofpoint observed new, targeted activity impacting French entities in the construction and government sectors. The threat actor used macro-enabled #Microsoft Word documents to distribute the Chocolatey installer package, an open-source package installer. The attack targeted French entities in the construction, real estate, and government industries. The attacker used a resume-themed subject and lure purporting to be #GDPR information. The attacker used steganography, including a cartoon image, to download and install the Serpent backdoor. The attacker also demonstrated a novel detection bypass technique using a Scheduled Task. #france #cyber #windows #threats #business #informatique