loader gif

US Cyber Command issues alert about attack campaign exploiting Outlook vulnerability

US Cyber Command issues alert about attack campaign exploiting Outlook vulnerability
  • Tracked as CVE-2017-11774, the vulnerability is being exploited by threat actors to deploy malware on government networks.
  • The flaw can allow a threat actor to bypass the Outlook sandbox and run malicious code on the systems.

US Cyber Command has issued an alert on Twitter about the exploitation of a known vulnerability in Microsoft’s Outlook. Tracked as CVE-2017-11774, the vulnerability is being exploited by threat actors to deploy malware on government networks.

What is the vulnerability?

The Outlook bug, CVE-2017-11774, was discovered and detailed by security researchers from SensePost. The flaw can allow a threat actor to bypass the Outlook sandbox and run malicious code on the systems.

The vulnerability was used as an exploitation channel by an Iranian state-sponsored hacking group APT33 (or Elfin) in 2018. The APT group is primarily known for developing the Shamoon disk-wiping malware.

"In December 2018, ATP33 hackers were using the vulnerability to deploy backdoors on web servers, which they were later using to push the CVE-2017-11774 exploit to users' inboxes, so they can infect their systems with malware," said the report from FireEye.

Targets of APT33 group

The well-known Iranian hacking group APT33 has carried out its cyber-espionage operations since at least 2013. The group has targeted organizations spanning across multiple sectors headquartered in the US, Saudi Arabia, and South Korea.

Addressing the vulnerability

The vulnerability CVE-2017-11774 has been patched in Outlook in the October 2017 Patch Tuesday. Thus, users are advised to apply the patch immediately in order to prevent falling victim to cyberattacks.

loader gif