MSHTML Attack Targets Russian State Rocket Centre and Interior Ministry

 

An MSHTML vulnerability listed under CVE-2021-40444 is being used to target Russian entities, according to Malwarebytes. Malwarebytes Intelligence has detected email attachments directed specifically against Russian enterprises.

The first template they discovered is structured to resemble an internal communication within JSC GREC Makeyev. The Joint Stock Company State Rocket Center named after Academician V.P. Makeyev is a strategic asset of the country's defence and industrial complex for both the rocket and space industries. It is also the primary manufacturer of liquid and solid-fuel strategic missile systems with ballistic missiles, making it one of Russia's largest research and development centres for developing rocket and space technology.

The email purports to be from the organization's Human Resources (HR) department. It states that HR is conducting a check of the personal information given by workers. Employees are asked to fill out a form and send it to HR, or to respond to the email. To fill out the form, the recipient must enable editing, and that action is sufficient to activate the exploit. When the target opens a malicious Office document, MSHTML loads a specially designed ActiveX control. The loaded ActiveX control can then execute arbitrary code to infect the machine with further malware.

The second file Malwarebytes discovered appears to be from Moscow's Ministry of the Interior. The attachment may be used to aim at a variety of interesting targets. The document's title translates to "Notification of illegal activity." It requests that the recipient complete the form and submit it to the Ministry of Internal Affairs, or respond to the email. It also encourages the targeted victim to do so within ..
