Computer attack technology for gaining access based on remote implementation of a document template

DOI: 10.31673/2409-7292.2023.010009

Authors

  • С. В. Волошко (Voloshko S. V.), The National Defence University of Ukraine named after Ivan Cherniakhovskyi, Kyiv
  • І. В. Новікова (Novikova I. V.), The National Defence University of Ukraine named after Ivan Cherniakhovskyi, Kyiv
  • Д. А. Недобойко (Nedoboyko D. A.), State University of Telecommunications, Kyiv

Abstract

The article examines a new type of attack that uses viruses remotely introduced into Microsoft Word document templates. Microsoft Word has a feature that allows the user to create a document with a template. Whenever a Word document with a template is written or read, the template is loaded from the local or a remote machine. Attackers can therefore host a Word document template (.dotm) file containing malicious macros on their own servers. Every time a victim opens the Word document, the document retrieves the malicious template from the attacker's server and executes it. The article studies the attack algorithm and methods of countering such attacks.

Keywords: Armageddon, cyber attack, template injection, Microsoft Word, phishing.
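
A defender-side check for the mechanism described in the abstract, as an added example that is not taken from the article: it assumes the attached template is recorded as an `attachedTemplate` relationship in the document's `word/_rels/settings.xml.rels` part and reports targets that point to another host. The function names, the sample package and the `example.invalid` targets are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

REL_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"
TEMPLATE_TYPE = ("http://schemas.openxmlformats.org/officeDocument/2006/"
                 "relationships/attachedTemplate")
SETTINGS_RELS = "word/_rels/settings.xml.rels"


def is_remote(target):
    """True when the target names another host (URL, file://host/..., or UNC path)."""
    if target.startswith("\\\\"):
        return True
    url = urlparse(target)
    scheme = url.scheme.lower()
    return scheme in {"http", "https", "ftp"} or (scheme == "file" and bool(url.netloc))


def remote_templates(docx_bytes):
    """Return attached-template targets that would be loaded from a remote machine."""
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as pkg:
        if SETTINGS_RELS not in pkg.namelist():
            return []  # document has no attached-template relationship part
        # For bulk scanning of untrusted files, prefer a hardened parser (defusedxml).
        root = ET.fromstring(pkg.read(SETTINGS_RELS))
    return [rel.get("Target", "")
            for rel in root.iter(REL_NS + "Relationship")
            if rel.get("Type") == TEMPLATE_TYPE
            and rel.get("TargetMode", "Internal").lower() == "external"
            and is_remote(rel.get("Target", ""))]


def make_docx(target):
    """Constructed sample: a minimal package holding only the settings rels part."""
    rels = ('<?xml version="1.0" encoding="UTF-8"?><Relationships xmlns="'
            + REL_NS.strip("{}") + '"><Relationship Id="rId1" Type="' + TEMPLATE_TYPE
            + '" Target="' + target + '" TargetMode="External"/></Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr(SETTINGS_RELS, rels)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed targets; example.invalid is a reserved placeholder domain.
    for t in ("https://templates.example.invalid/report.dotm",
              "file:///C:/Users/analyst/Templates/Report.dotm"):
        print(t, "->", remote_templates(make_docx(t)) or "local template, not flagged")
```

A template stored on the local disk is still recorded as an external relationship, so the check keys on the host part of the target rather than on `TargetMode` alone.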

Published

2023-01-30

Section

Articles