FortiGuard Labs detected a malicious document masquerading as a communication from Energoatom, a state-run entity responsible for managing Ukraine's nuclear power stations. Threat actors were found using the Havoc Demon backdoor camouflaged as a legitimate component of Microsoft Office. It was even signed with an invalid portal[.]office[.]com certificate.