US Cyber Command issues alert about attack campaign exploiting Outlook vulnerability
- Tracked as CVE-2017-11774, the vulnerability is being exploited by threat actors to deploy malware on government networks.
- The flaw can allow a threat actor to bypass the Outlook sandbox and run malicious code on the systems.
US Cyber Command has issued an alert on Twitter about the exploitation of a known vulnerability in Microsoft’s Outlook. Tracked as CVE-2017-11774, the vulnerability is being exploited by threat actors to deploy malware on government networks.
What is the vulnerability?
The Outlook bug, CVE-2017-11774, was discovered and detailed by security researchers from SensePost. The flaw can allow a threat actor to bypass the Outlook sandbox and run malicious code on affected systems.
The vulnerability was used as an exploitation channel in 2018 by APT33 (also known as Elfin), an Iranian state-sponsored hacking group. The APT group is primarily known for developing the Shamoon disk-wiping malware.
"In December 2018, APT33 hackers were using the vulnerability to deploy backdoors on web servers, which they were later using to push the CVE-2017-11774 exploit to users' inboxes, so they can infect their systems with malware," said the report from FireEye.
Targets of APT33 group
The well-known Iranian hacking group APT33 has carried out cyber-espionage operations since at least 2013. The group has targeted organizations across multiple sectors headquartered in the US, Saudi Arabia, and South Korea.
Addressing the vulnerability
The vulnerability CVE-2017-11774 was patched in Outlook as part of the October 2017 Patch Tuesday update. Users are therefore advised to apply the patch immediately to avoid falling victim to cyberattacks.