Security News > 2022 > March > Hackers exploit new WPS Office flaw to breach betting firms
An unknown Chinese-speaking threat actor has been targeting betting companies in Taiwan, Hong Kong, and the Philippines, leveraging a vulnerability in WPS Office to plant a backdoor on the targeted systems.
The first infection vector used in this campaign is an email with a laced installer that pretends to be a critical WPS Office update, but in most attacks, the threat actors use a different method.
The second infection vector, which is predominately used in this campaign, is leveraging CVE-2022-24934, a vulnerability in the WPS Office updater utility.
WPS Office is a cross-platform office suite with over 1.2 billion installations.
"To exploit the vulnerability, a registry key under HKEY CURRENT USER needs to be modified, and by doing this an attacker gains persistence on the system and control over the update process," explains Avast in its technical report.
Considering the nature of the targets, which is betting companies, the goal of the threat actors may have been to steal financial details or take over accounts and cash out escrow balances.
News URL
Related news
- Schneider Electric confirms dev platform breach after hacker steals data (source)
- Nokia investigates breach after hacker claims to steal source code (source)
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (source)
- High-Severity Flaw in PostgreSQL Allows Hackers to Exploit Environment Variables (source)
- Chinese hackers exploit Fortinet VPN zero-day to steal credentials (source)
- Chinese Hackers Exploit T-Mobile and Other U.S. Telecoms in Broader Espionage Campaign (source)
- Helldown ransomware exploits Zyxel VPN flaw to breach networks (source)
- Hackers breach US firm over Wi-Fi from Russia in 'Nearest Neighbor Attack' (source)
- Hackers exploit critical bug in Array Networks SSL VPN products (source)
- APT-C-60 Hackers Exploit StatCounter and Bitbucket in SpyGlace Malware Campaign (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-23 | CVE-2022-24934 | Unspecified vulnerability in WPS Office wpsupdater.exe in Kingsoft WPS Office through 11.2.0.10382 allows remote code execution by modifying HKEY_CURRENT_USER in the registry. | 9.8 |