Hackers targeting Arabic-speaking countries with malicious Microsoft Office documents (January 2020)
Security researchers with Cisco's Talos Security Intelligence and Research Group discovered a new type of malware, which is able to attack a victim's devices through malicious Microsoft Office documents.
"We don't know why specifically these countries; the attackers simply hardcoded these countries in the malware. The attackers had complete control of the compromised systems. The purpose of the campaigns was cyber espionage," Rascagneres said.
"Everything starts with a malicious document using a well-known vulnerability to download a malicious document hosted on the internet. For this campaign, the attacker chose to use a cloud provider with a good reputation to avoid URL blacklisting. The malware is divided into a couple of layers - each layer downloads a new payload on a cloud provider to get the final RAT developed in Python and that uses additional providers such as Twitter and ImgBB," Talos researchers wrote in their blog post.
How to protect yourself from a RAT

Attackers lure their victims into opening the documents by labelling them "Urgent.docx" or "Fb.docx", and they also use other strange image files.
"Concerning the campaign, everything starts with a malicious Office document. We recommend not opening documents from unknown senders. Additionally, users should be careful when Office asks to enable macros. We recommend not enabling them, and we recommend that companies enforce this policy. Endpoint protection is also important for detection of these campaigns," Rascagneres added.