Central Asian government organizations have been compromised with the new DownEx malware as part of an active advanced cyberespionage campaign potentially linked to Russian state-sponsored threat actors, according to The Hacker News. Attackers have leveraged spear-phishing emails with diplomat-themed lures that contain a loader executable disguised as a Microsoft Word file, which then extracts a decoy file and a malicious HTML application (HTA) tasked with retrieving the next-stage payload, a report from Bitdefender revealed. Aside from fetching persistence-establishing malware, the attacks have also used DownEx and other custom tools for post-exploitation activities. Researchers have also discovered another DownEx variant that is written in VBScript instead of C++ but similarly facilitates data exfiltration and transmission. "This is a fileless attack: the DownEx script is executed in memory and never touches the disk. ... This attack highlights the sophistication of a modern cyberattack. Cybercriminals are finding new methods for making their attacks more reliable," said Bitdefender.