Microsoft Outlook Users Targeted By Gamaredon’s New VBA Macro

2020-06-11 20:37

The VBA macro leverages compromised victims' Microsoft Outlook email accounts to send spear-phishing emails to their contacts - rapidly widening the potential attack surface.

Researchers say, while abusing a compromised mailbox to send malicious emails is not a new technique, this is the first publicly documented case of an attack group using both an Outlook macro and an OTM file to do so.

The code runs a VBScript that first kills the victim's Outlook process, and then removes any security protections around VBA macro execution in Outlook by changing registry values.

Researchers said, while tools utilized by Gamaredon have historically been very simple and are designed to gather sensitive data from compromised systems, the Outlook VBA module may reflect future sophistication in cyberattacks.

"Despite the simplicity of most of their tools, the Gamaredon group also is capable of deploying some novelty, such as their Outlook VBA module," they said.

News URL

https://threatpost.com/microsoft-outlook-users-targeted-by-gamaredons-new-vba-macro/156484/

#macro #microsoft #outlook

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Microsoft		480	75	2308	5127	264	7774

News URL

Related news

Related vendor