U.S. Cyber Command Issues Alert about Hackers Exploiting Outlook Vulnerability

Last week, U.S. Cyber Command issued an alert via Twitter about threat actors abusing an Outlook vulnerability to plant malware on government networks. The vulnerability is CVE-2017-11774, a security bug that Microsoft patched in Outlook in October 2017. U.S. Cyber Command recommends immediate patching, if not done already. The bug allows a threat actor to escape from the Outlook sandbox and run malicious code on the underlying operating system. By 2018, it had been weaponized by an Iranian state-sponsored hacking group primarily known for developing the Shamoon disk-wiping malware. The malware samples shared by U.S. Cyber Command link the new attacks the agency is seeing to old malware samples – most likely deployed in new attacks against U.S. entities. This alert comes on the heels of an advisory issued by the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency in late-June (WaterISAC reported on the advisory both in an email to members and in the June 25 Security and Resilience Update). That advisory warned about increased activity from Iranian threat actors, and especially about the usage of disk-wiping malware such as Shamoon. Read the article at ZDNet.