Sign up to receive the latest news, cyber threat intelligence and research from Unit 42
Technical Walkthrough: Office Test Persistence Method Used In Recent Sofacy Attacks
As mentioned in our previous blog, we observed the Sofacy group using a new persistence mechanism that we call “Office Test” to load their Trojan each time the user opened Microsoft Office applications. Following the report, we received several questions regarding this persistence method, specifically how it works and which versions of Microsoft Office were