The Gonepostal malware has been observed in an espionage campaign linked to KTA007 (aka Fancy Bear/APT28), a Russian state-sponsored group tied to GRU Unit 26165. The malware consists of a dropper DLL and a password-protected Outlook macro file (VbaProject.OTM) that enables backdoor access via email-based C2....