CyberX security firm CyberX has identified over 70 organizations targeted in Ukraine cyber-espionage attacks. The attacks are mostly driven by spear-phishing emails that spread Word documents that contain malicious macros. CyberX researchers named this particular campaign BugDrop because crooks used the PC’s microphone’s to bug victims. Using Dropbox instead of a custom web server for collecting data is yet another sign hackers are trying to stay hidden as long as possible, experts said. The malware and techniques used in this campaign are similar to Groundbait, another campaign discovered in May 2016 by ESET.
Source: https://www.bleepingcomputer.com/news/security/cyber-espionage-group-uses-microphones-and-dropbox-to-spy-on-ukrainian-targets/