In these attacks, the Sofacy group are employing an updated version of DealersChoice, a platform designed to exploit a Flash vulnerability in order to stealthily deliver a malicious payload in the form of trojan malware.
The updated incarnation of DealersChoice contains a new evasion technique which researchers say hasn't been observed before - the Flash object only loads when a specific page of the malicious document used to do delivery the attack is viewed.
Attacks against the European government organisation - researchers haven't specified which country the target is in - start
with spear-phishing emails with the subject of "Defence & Security 2018 Conference Agenda" which contain a Word document, titled "Defence & Security 2018 Conference Agenda.docx"
