We recently reported on a critical code execution vulnerability in Microsoft Word that was being exploited in the wild by cyber criminal groups to distribute malware like Dridex banking trojans and Latentbot.

Now, it turns out that the same previously undisclosed vulnerability in Word (CVE-2017-0199) was also actively being exploited by government-sponsored hackers to spy on Russian targets since at least this January.

The news comes after security firm FireEye, which independently discovered this flaw last month, published a blog post revealing that FinSpy spyware was installed as early as January using the same vulnerability in Word that was patched on Tuesday by Microsoft.

For those unaware, the vulnerability (CVE-2017-0199) is a code execution flaw in Word that could allow an attacker to take over a fully patched and up-to-date computer when the victim opens a Word document containing a booby-trapped OLE2link object, which downloads a malicious HTML app from a server, disguised as a document created in Microsoft’s RTF (Rich Text Format).

FinSpy or FinFisher is associated with the controversial UK-based firm Gamma Group, which sells so-called “lawful intercept” spyware to governments around the world.

> “Though only one Finspy user has been observed leveraging this zero-day exploit, the historical scope of Finspy, a capability used by several nation-states, suggests other customers had access to it,” FireEye researchers said.

> “Additionally, this incident exposes the global nature of cyber threats and the value of worldwide perspective - a cyber espionage incident targeting Russians can provide an opportunity to learn about and interdict crime against English speakers elsewhere.”

Months later in March, the same then-zero-day vulnerability was used to install Latentbot, a bot-like, information-stealing and remote-access malware package used by financially motivated criminals.

Latentbot has several malicious capabilities including credential theft, remote desktop functions, hard drive and data wiping, and the ability to disable antivirus software.

FireEye said criminals used social engineering to trick victims into opening the attachments with generic subject lines like “hire_form.doc”, “!!!URGENT!!!READ!!!.doc”, “PDP.doc”, and “document.doc”.
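As an added example (not from the original article or from FireEye), here is a triage check for the delivery technique described above: an RTF file carrying an auto-updating OLE2Link object that points at a remote URL. The RTF control words and the UTF-16 URL heuristic are assumptions about how such a link is stored, and the sample input is constructed and non-functional.

```python
import binascii
import re

# RTF control words that mark an embedded object as an auto-updating link
# (assumption: the link is declared with these standard control words).
LINK_WORDS = (rb"\objautlink", rb"\objupdate")
# Hex-encoded object payload that follows \objdata.
OBJDATA = re.compile(rb"\\objdata\s*([0-9a-fA-F\s]+)")
# Assumption: the link target is stored as UTF-16LE text in the object data.
URL_UTF16 = re.compile(
    rb"h\x00t\x00t\x00p\x00(?:s\x00)?:\x00/\x00/\x00(?:[\x21-\x7e]\x00)+")


def triage_rtf(data: bytes) -> dict:
    """Return indicators of a remote auto-updating OLE link in RTF bytes."""
    lowered = data.lower()
    result = {
        "is_rtf": data.lstrip().startswith(b"{\\rtf"),
        "auto_link": [w.decode() for w in LINK_WORDS if w in lowered],
        "ole2link": False,
        "urls": [],
    }
    for match in OBJDATA.finditer(data):
        hex_text = re.sub(rb"\s+", b"", match.group(1))
        hex_text = hex_text[: len(hex_text) // 2 * 2]  # drop a dangling nibble
        blob = binascii.unhexlify(hex_text)
        if b"OLE2Link" in blob:
            result["ole2link"] = True
        for url in URL_UTF16.finditer(blob):
            result["urls"].append(url.group(0).decode("utf-16-le"))
    # Flag only when the file is RTF, names OLE2Link and carries a remote URL.
    result["suspicious"] = bool(
        result["is_rtf"] and result["ole2link"] and result["urls"])
    return result


def constructed_sample() -> bytes:
    """Constructed, non-functional fragment; it is not a valid OLE object."""
    blob = (b"\x01\x05\x00\x00" + b"OLE2Link\x00"
            + "http://example.invalid/template.doc".encode("utf-16-le")
            + b"\x00\x00")
    return (b"{\\rtf1{\\object\\objautlink\\objupdate{\\*\\objdata "
            + binascii.hexlify(blob) + b"}}}")


if __name__ == "__main__":
    print(triage_rtf(constructed_sample()))
```

Because the attachments carried a `.doc` extension, run the check on file content rather than filtering by file name.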