Security News > 2020 > June > Russia-linked Gamaredon hacker crew using Microsoft's Visual Basic for Applications to pwn Microsoft's Outlook
Security researchers claim to have uncovered "Several previously undocumented post-compromise tools" used by a Russia-linked APT to target Microsoft Office and Outlook through Visual Basic for Applications.
The Gamaredon hacking crew is said to be targeting Outlook through Visual Basic for Applications, allowing attackers to access the target account's contact book so they can forward phishing emails to a new batch of potential victims.
"While abusing a compromised mailbox to send malicious emails without the victim's consent is not a new technique, we believe this is the first publicly documented case of an attack group using an OTM file and Outlook macro to achieve it," said researcher Jean-Ian Boutin.
To compromise Outlook, the malware runs a Visual Basic script that kills the Outlook system process before changing Windows registry values to strip away security settings preventing VBA macro execution, said ESET. It then fires up Outlook and loads its malicious VBA project.
Gamaredon has been an active APT crew since 2013, initially known for targeting Ukrainian government institutions.
News URL
https://go.theregister.com/feed/www.theregister.com/2020/06/11/eset_gamaredon_outlook/
Related news
- Hackers breach US firm over Wi-Fi from Russia in 'Nearest Neighbor Attack' (source)
- Russia-Linked Turla Exploits Pakistani Hackers' Servers to Target Afghan and Indian Entities (source)
- Microsoft dangles $10K for hackers to hijack LLM email service (source)
- Hackers Use Microsoft MSC Files to Deploy Obfuscated Backdoor in Pakistan Attacks (source)
- Microsoft fixes bug causing Outlook freezes when copying text (source)
- Microsoft fixes bug causing Outlook to freeze when copying text (source)
- Criminal IP: Bringing Real-Time Phishing Detection to Microsoft Outlook (source)
- Microsoft to force install new Outlook on Windows 10 PCs in February (source)