US Cyber Command warns: Iranian hackers exploit Outlook vulnerabilities to spread malware
The US Cyber Command warned on July 2 that it had discovered a campaign exploiting the Microsoft Outlook vulnerability CVE-2017-11774 to spread malware. This vulnerability could allow an attacker to execute arbitrary commands on the target system.
Researchers at SensePost first discovered the vulnerability and integrated an exploit for it into their open-source testing tool, Ruler. As early as December 2018, FireEye published a report stating that the Iranian cyberespionage group APT33 had been using CVE-2017-11774 and the Ruler tool to spread malware. FireEye believes that the attacks mentioned by the US Cyber Command were also carried out by APT33.
The US Cyber Command has shared malware samples through VirusTotal. According to the website, the attacker used the domain name customermgmt.net to deliver malware. The executables uploaded by the US Cyber Command are related to the Shamoon attacks that took place around January 2017. They are downloaders that use PowerShell to load the PUPY RAT. The US Cyber Command recommends that users patch CVE-2017-11774 as soon as possible.
APT33 has been active since at least 2015 and targets organizations in the government, research, chemical, engineering, consulting, finance, manufacturing, and telecommunications sectors. Symantec revealed in March that the group had begun attacking organizations in Saudi Arabia and the United States.
Via: ZDNet