A recent hacking campaign targeted Ukraine by exploiting a 7-year-old vulnerability in Microsoft Office to deploy Cobalt Strike malware. The campaign was discovered by security experts at Deep Instinct Threat Lab, who found a malicious Powerpoint file containing a remote link to an external OLE object, demonstrating exploitation of CVE-2017-8570. The attackers utilized a cracked version of Cobalt Strike for post-exploitation activities, disguising the payload as a Cisco AnyConnect VPN file to evade detection
The researchers could not attribute the attacks to a known threat actor, but evidence pointed to origins in Ukraine with hosting in Russia and C2 server in Poland. The report includes IoCs to help organizations defend against similar attacks. https://securityaffairs.com/162420/hacking/ukraine-campaign-old-ms-office-bug.html