BI.ZONE said the Paper Werewolf delivered the exploits in July and August through archives attached to emails impersonating employees of the All-Russian Research Institute. The ultimate goal was to install malware that gave Paper Werewolf access to infected systems.
While the discoveries by ESET and BI.ZONE were independent of each other, it’s unknown if the groups exploiting the vulnerabilities are connected or acquired the knowledge from the same source. BI.ZONE speculated that Paper Werewolf may have procured the vulnerabilities in a dark market crime forum.
ESET said the attacks it observed followed three execution chains. One chain, used in attacks targeting a specific organization, executed a malicious DLL file
→ Continue reading at Ars Technica