Bears snuffling around CyCon phish.
Fancy Bear (APT28, Russia's GRU) is phishing around the CyCon conference set for Washington, DC on 7 and 8 November. Sponsored by the US Army Cyber Institute and NATO's Cooperative Cyber Defence Centre of Excellence, the conference's theme is "the future of cyber conflict." Fancy Bear is using a baited Word document carrying Seduploader, a reconnaissance tool useful in determining which targets deserve closer attention. The phishbait document, a cut-and-paste job designed to look like an event flier, is "Conference_on_Cyber_Conflict.doc" (Cisco Talos Blog).
APT28 is being widely razzed for "lame" phishing. "Oh you silly APT28, show some respect," is Bleeping Computer's admonition to the Russian hackers. Apparently few NATO phish have taken the bait, but it would surely be a first if everyone who received the malicious document just spit the hook and went on with life.