The U.S. Cyber Command (USCYBERCOM) on Tuesday warned that it had spotted attacks exploiting a Microsoft Outlook vulnerability tracked as CVE-2017-11774 in an effort to deliver malware.
According to USCYBERCOM, which started sharing malware samples via the VirusTotal intelligence service in November 2018, the attackers delivered malware using the customermgmt.net domain. USCYBERCOM has shared several malware samples related to the attack and advised users to ensure that they have patched CVE-2017-11774.
The vulnerability, which Microsoft fixed in October 2017, has been described as a security feature bypass that can allow an attacker to execute arbitrary commands on targeted systems. The flaw was discovered by researchers at SensePost, which integrated the exploit into its open source testing tool Ruler.
FireEye reported in December 2018 that the Iran-linked cyberspy group tracked as APT33 had been using CVE-2017-11774 and the Ruler tool to deliver malware. FireEye believes the attacks referenced by USCYBERCOM were also launched by APT33.
FireEye’s Nick Carr said on Tuesday that much of the information shared back in December still applies to the threat actor’s current campaign, which started in mid-June.
Palo Alto Networks researcher Bryan Lee has also link ..
Support the originator by clicking the read the rest link below.
