Hackers Exploit Autodesk Flaw in Recent Cyberespionage Attack
Threat actors exploited a vulnerability in the popular 3D computer graphics Autodesk software in order to launch a recent cyber-espionage attack against an international architectural and video production company.
Researchers said that further analysis of the attack points to a sophisticated, APT-style group that had prior knowledge of the company's security systems and of the software applications it used, and that carefully planned the attack to infiltrate the company and exfiltrate data undetected.
The hallmark of the attack is its use of a malicious plugin for Autodesk 3ds Max, a computer graphics program developed by Autodesk Media and Entertainment and used by engineering, architecture or gaming organizations for making 3D animations.
The plugin is a variant of a MAXScript exploit for Autodesk 3ds Max called "PhysXPluginMfx."
Autodesk, for its part, issued an advisory for the flaw earlier in August: "Autodesk recommends 3ds Max users download the latest version of Security Tools for Autodesk 3ds Max 2021-2015SP1 available in the Autodesk App Store to identify and remove the PhysXPluginMfx MAXScript malware," according to the company.
News URL
https://threatpost.com/hackers-exploit-autodesk-flaw-in-recent-cyberespionage-attack/158669/