Quote:The advanced persistent threat group Fancy Bear continues its attacks on government entities all around the world using a two-stage payload malware campaign dropping the Zebroy Trojan and a new Trojan dubbed Cannon as discovered by Palo Alto Networks's Unit 42.

The malicious emails distributed through Fancy Bear's new malware campaign will drop the Zebrocy Trojan as a first stage payload and a new Trojan named Cannon as a second stage payload.

The email-based communication channel used by Cannon to communicate with its command-and-control (C&C) servers is the most exciting behavior observed by Unit 42 while analyzing the new Trojan.

Moreover, using emails to communicate with the puppet masters controlling it might allow Cannon to avoid detection since most malware these days make use of HTTP and HTTPS communication channels.

As discovered by Unit 42, "The weaponized documents targeted several government entities around the globe, including North America, Europe, and a former USSR state."