#socialengineering is the key. MFA push bombing to overwhelm your target in order to gain the desired passcode. It's interesting the idea of executing a binary through a Word document via PowerShell. I'm still wondering how, though.
Iranian hackers are breaching critical infrastructure organizations to collect credentials and network data that can be sold on cybercriminal forums to enable cyberattacks from other threat actors. https://lnkd.in/gtGk_k29