Governments Used Microsoft Office Zero-Day for Cyber Espionage
#1
http://news.softpedia.com/news/governmen...4843.shtml

The flaw was already patched by Microsoft on Tuesday
Apr 13, 2017 07:52 GMT  ·  By Bogdan Popa
The zero-day flaw in Microsoft Word and WordPad that allowed attackers to infect systems with malware when users launched a malicious RTF document has been used by governments for cyber espionage, according to a new report from security company FireEye.

As we reported earlier this week, FireEye is one of the companies that discovered the vulnerability and reported it to Microsoft, warning that attacks were carried out by multiple actors.

Now, in a follow-up post, FireEye reveals that attacks trying to exploit CVE-2017-0199 were launched by “financially motivated and nation-state” actors since January, with two malware families associated with the exploits, namely FINSPY and LATENTBOT. There’s evidence that all attackers gained the exploit code from the same source, the security firm says.

And here comes the interesting part. FireEye notes that the first signs of attacks trying to exploit this Microsoft Office vulnerability were observed in a document referencing a Russian Ministry of Defense decree and other documents related to the so-called “Donetsk People's Republic.” Using the zero-day, attackers attempted to deploy FINSPY on target systems, the security researchers point out.

Patch already available
The document was called СПУТНИК РАЗВЕДЧИКА.doc and is clearly aimed at Russian-speaking victims, shipping as a military training manual that users need to open on their computers to activate the exploit.

The malicious document connects to other servers in an attempt to download further payloads, but also other compromised documents, including a file called prikaz.doc that’s described as a Russian Ministry of Defense decree regarding a forest management plan.

“Though we have not identified the targets, FINSPY is sold by Gamma Group to multiple nation-state clients, and we assess with moderate confidence that it was being used along with the zero-day to carry out cyber espionage,” FireEye says.

Microsoft has already issued a fix on Patch Tuesday, and users are advised to install it as soon as possible. The zero-day exists in all versions of Microsoft Office and can be exploited on all versions of Windows as well, with WordPad also said to be affected when trying to open compromised RTF documents.