Tiny BackDoor Goes Undetected – Suspected Turla leveraging MSBuild to Evade detection

Key Takeaways Cyble Research and Intelligence Labs (CRIL) observed an interesting campaign that utilized malicious LNK files, which could potentially be distributed via spam email. The Threat Actor (TA) behind this campaign uses human rights seminar invitations and public advisories as a lure to infect users with a malicious payload. This campaign highlights the attackers' sophistication by embedding lure PDFs and MSBuild project files within the .LNK files for seamless execution. The TA execute