A new digitally-signed Bandook malware sample is spotted in the wild, aiming at high-value targets across multiple sectors, including government, financial, energy, food industry, healthcare, education, IT, and legal institutions. Victims have been spotted covering a diverse and large geographical area. reportedly, a cyberespionage group with suspected ties to the Kazakh and Lebanese governments has unleashed a new wave of attacks against a multitude of industries with a retooled version of a 13-year-old backdoor Trojan. The infection chain is a three-stage process that begins with a lure Microsoft Word document (e.g. “Certified documents.docx”) delivered inside a ZIP file that, when opened, downloads malicious macros, which subsequently proceeds to drop and execute a second-stage PowerShell script encrypted inside the original Word document.