The United States Cyber Command has reported active malicious exploitation of a vulnerability in certain outdated versions of Microsoft Outlook. Microsoft patched the flaw long ago, but critical systems may still be missing the update because of user and administrator negligence. The disclosure, made in a tweet, explicitly mentions "active malicious use" and also names the location from which the malware is being delivered.
USCYBERCOM has discovered active malicious use of CVE-2017-11774 and recommends immediate #patching. Malware is currently delivered from: 'hxxps://customermgmt.net/page/macrocosm' #cybersecurity #infosec — USCYBERCOM Malware Alert (@CNMF_VirusAlert) July 2, 2019
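The tweet publishes its indicator in defanged form ("hxxps://"). As an added example, not part of the original article or of USCYBERCOM's material, the Python below refangs that indicator, extracts its hostname, and checks a handful of constructed proxy log lines for requests to that host, so a defender can quickly see whether any client in their environment fetched the payload. The log format (timestamp, client IP, method, URL, status) is an assumption chosen for the sample; adapt the field positions to your own proxy's format.

```python
from urllib.parse import urlparse

# Indicator exactly as published in the USCYBERCOM alert, defanged with "hxxps".
DEFANGED_IOC = "hxxps://customermgmt.net/page/macrocosm"


def refang(url: str) -> str:
    """Turn a defanged indicator back into a parseable URL."""
    url = url.replace("[.]", ".")
    if url.lower().startswith("hxxp"):
        url = "http" + url[4:]
    return url


def ioc_host(defanged_url: str) -> str:
    """Hostname of a defanged indicator, lowercased for exact comparison."""
    host = urlparse(refang(defanged_url)).hostname
    if host is None:
        raise ValueError(f"no hostname in indicator: {defanged_url!r}")
    return host.lower()


# Constructed sample proxy log lines (assumed format: ts client method url status).
# The last line is a lookalike domain that a naive substring match would flag.
SAMPLE_LOG_LINES = [
    "2019-07-02T09:58:11Z 10.20.1.15 GET https://www.example.com/index.html 200",
    "2019-07-02T10:14:03Z 10.20.1.42 GET https://customermgmt.net/page/macrocosm 200",
    "2019-07-02T10:14:05Z 10.20.1.42 GET https://CustomerMgmt.net/page/other 404",
    "2019-07-02T10:20:44Z 10.20.1.15 GET https://customermgmt.net.example.org/ 200",
]


def find_ioc_hits(lines, defanged_ioc=DEFANGED_IOC):
    """Return (timestamp, client, url) for every request whose host equals the IOC host.

    Matching is on the full hostname, not a substring, so a lookalike such as
    customermgmt.net.example.org is not reported; matching is case-insensitive
    because hostnames are.
    """
    target = ioc_host(defanged_ioc)
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 5:
            continue  # malformed line, skip rather than crash the hunt
        ts, client, _method, url, _status = parts[:5]
        host = urlparse(url).hostname
        if host and host.lower() == target:
            hits.append((ts, client, url))
    return hits


if __name__ == "__main__":
    for ts, client, url in find_ioc_hits(SAMPLE_LOG_LINES):
        print(f"{ts} {client} requested {url}")
```

Any hit identifies a client that should be checked for the unpatched Outlook build and the follow-on activity the alert warns about; exact-host matching is deliberate, since substring matching on the domain would also flag the unrelated lookalike in the sample.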
A quick check of the US National Vulnerability Database identifies the vulnerability, which is described as: "Microsoft Outlook 2010 SP2, Outlook 2013 SP1 and RT SP1, and Outlook 2016 allow an attacker to execute arbitrary commands, due to how Microsoft Office handles objects in memory, aka "Microsoft Outlook Security Feature Bypass Vulnerability."
In essence, the flaw allows an attacker to bypass security controls and execute commands remotely on a system, which in turn can corrupt data or lock users out of it. A ZDNet report states that these attacks may originate in Iran, and in particular with the APT33 hacker collective, which has been more active of late and has previously used this vulnerability to install surveillance backdoors on servers.
However, without conclusive public evidence at hand, it is not clear whether this is open cyber warfare in its nascent stage or a set of isolated incidents from various sources that happen to share a common attack string.