Hackers Exploiting Microsoft Outlook Vulnerability Warns America
The recent increase in state-sponsored cyber campaigns have not diminished in the short term. US Cyber Command has reported that non-state actors were exploiting the long-non-patched Outlook 2017 vulnerability, to escape the mail client’s sandbox and run a malicious program on the target system. Although the officials did not specify who was involved, several references mentioned possible links with Iran.
In two weeks, it launched a cyberattack on the computer system of an Iranian intelligence group controlling the launch of missiles. The United States on Wednesday issued an unprecedented warning that the vulnerabilities of Microsoft Outlook related to Iran were “actively malicious”.
The vulnerability is a security issue that Microsoft corrected in Outlook in 2017. However, some un-updated computers are still exposed to risk.
In a tweet, US Cyber Command said: “USCYBERCOM has discovered active malicious use of “CVE-2017-11774″ and recommends immediate #patching.”
According to the ZDNet report, the bug “CVE-2017-11774”, first discovered by SensePost researchers, was developed by a state-sponsored Iranian hacking group called APT33 (or Elfin), mainly known for the development of a hacking tool called Shamoon APT33 group.
This Outlook vulnerability, threat actors can escape from a limited Outlook environment and execute malicious code in the underlying operating system.
“In December 2018, ATP33 hackers were using the vulnerability to deploy backdoor on web servers, which they were later used to push the CVE-2017-11774 to exploit to users” in boxes, so they can infect their systems with malware,” said the report.
The FireEye cyber security company has also published numerous reports on APT33 in relation to Iran.
“Over the past few years, we have been tracking a separate, less widely known, suspected Iranian group with potential destructive capabilities, whom we call APT33,” FireEye said recently.
This analysis shows that APT33 is a capable group that conducts cyber espionage operations “under the command of the Iranian government” since at least 2013.
APT33 has targeted organizations based in the United States, Saudi Arabia, and South Korea, covering several sectors.
The possibility of an Iranian attack took place after the cyberattack on the US last month that targeted computer systems that control missile and rocket launches to prevent potential disruptions.
The strike, approved by US President Donald Trump, was led by the US Cyber Command in coordination with US Central Command
The attack took place at the height of tensions between the United States and Iran this week following a series of incidents in the Middle East, including the destruction of a US drone by Tehran.
The United States feared that Iran would try to attack with its own cyber-attacks. Several cybersecurity companies said they had already seen signs that Tehran was targeting computer networks relevant to the intrusion and appeared to be particularly focused on the US government and the US energy sector, including oil and gas suppliers.
Kevin Jones937 Posts
Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others.