
US Cyber Command issues alert about attack campaign exploiting Outlook vulnerability

  • Tracked as CVE-2017-11774, the vulnerability is being exploited by threat actors to deploy malware on government networks.
  • The flaw can allow a threat actor to bypass the Outlook sandbox and run malicious code on the systems.

US Cyber Command has issued an alert on Twitter about the exploitation of a known vulnerability in Microsoft’s Outlook. Tracked as CVE-2017-11774, the vulnerability is being exploited by threat actors to deploy malware on government networks.

What is the vulnerability?

The Outlook bug, CVE-2017-11774, was discovered and detailed by security researchers at SensePost. The flaw can allow a threat actor to bypass the Outlook sandbox and run malicious code on affected systems.

The vulnerability was used as an exploitation channel by the Iranian state-sponsored hacking group APT33 (also known as Elfin) in 2018. The APT group is primarily known for developing the Shamoon disk-wiping malware.

"In December 2018, APT33 hackers were using the vulnerability to deploy backdoors on web servers, which they were later using to push the CVE-2017-11774 exploit to users' inboxes, so they can infect their systems with malware," said the report from FireEye.

Targets of APT33 group

The well-known Iranian hacking group APT33 has carried out cyber-espionage operations since at least 2013. The group has targeted organizations spanning multiple sectors and headquartered in the US, Saudi Arabia, and South Korea.

Addressing the vulnerability

The vulnerability CVE-2017-11774 was patched in Outlook in the October 2017 Patch Tuesday update. Users are therefore advised to apply the patch immediately to avoid falling victim to attacks exploiting it.

Cyware Publisher