An Outlook vulnerability was being used to plant malware on government networks, according to the US Cyber Command.
This vulnerability, CVE-2017-11774, was patched in the October 2017 Patch Tuesday.
This bug allows an attacker to run malicious code on the operating system underlying Outlook.
The bug had been reported back in the fall of 2017, but by 2018, it was being weaponized by the hacking group known as APT33. APT33 is an Iranian state-sponsored hacking group. They are primarily known for developing the Shamoon disk wiping malware.
APT33 was using the vulnerability to deploy backdoors on web servers; they could then use users' inboxes to infect their systems with malware.
The US Cyber Command has not named APT33 as the culprit, but it has pointed out the links between the new attacks and the ones previously seen from APT33. These new attacks more than likely use the same malware samples seen in past APT33 attacks.
Two weeks ago, the Department of Homeland Security's cyber-security agency issued a warning of increased activity from disk-wiping malware such as Shamoon, which was APT33's most used cyber-weapon.