Security News > 2020 > June > Russia-linked Gamaredon hacker crew using Microsoft's Visual Basic for Applications to pwn Microsoft's Outlook
Security researchers claim to have uncovered "Several previously undocumented post-compromise tools" used by a Russia-linked APT to target Microsoft Office and Outlook through Visual Basic for Applications.
The Gamaredon hacking crew is said to be targeting Outlook through Visual Basic for Applications, allowing attackers to access the target account's contact book so they can forward phishing emails to a new batch of potential victims.
"While abusing a compromised mailbox to send malicious emails without the victim's consent is not a new technique, we believe this is the first publicly documented case of an attack group using an OTM file and Outlook macro to achieve it," said researcher Jean-Ian Boutin.
To compromise Outlook, the malware runs a Visual Basic script that kills the Outlook system process before changing Windows registry values to strip away security settings preventing VBA macro execution, said ESET. It then fires up Outlook and loads its malicious VBA project.
Gamaredon has been an active APT crew since 2013, initially known for targeting Ukrainian government institutions.
News URL
https://go.theregister.com/feed/www.theregister.com/2020/06/11/eset_gamaredon_outlook/
Related news
- A Hacker's Era: Why Microsoft 365 Protection Reigns Supreme (source)
- Microsoft fixes Outlook email sending issue for users with many folders (source)
- DOJ, Microsoft seize 107 domains used in Russia's Star Blizzard phishing attacks (source)
- Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (source)
- Microsoft Outlook bug blocks email logins, causes app crashes (source)
- Microsoft: Chinese hackers use Quad7 botnet to steal credentials (source)
- Microsoft Outlook workaround fixes freezes when copying text (source)
- Hackers breach US firm over Wi-Fi from Russia in 'Nearest Neighbor Attack' (source)