MSHTML Flaw Exploited to Attack Russian Dissidents
2022-03-30 13:13

A spearphishing campaign targeting Russian citizens and government entities that are not aligned with the actions of the Russian government is the latest of numerous threats that have emerged since Russia invaded Ukraine in February.

Malwarebytes observed two documents associated with the campaign that exploit the previously identified flaw dubbed MSHTML and tracked as CVE-2021-40444.

The threat actor used a new variant of an MSHTML exploit called CABLESS in the campaign, researchers said.

Researchers intercepted a number of emails being used in campaigns, all of which are in the Russian language.

Researchers are unsure who is behind the campaign but noted that the lure resembles one used before and linked to the threat group CarbonSpider, which in the past has targeted Russian financial institutions.

Based on Malwarebytes' observations of the domains targeted in the campaign, potential victims are from a number of regional and federal government organizations, including: the official internet portal of the authorities of the Chuvash Republic; the Russian Ministry of Internal Affairs; the Ministry of Education and Science of the Republic of Altai; the Ministry of Education of the Stavropol Territory; the Minister of Education and Science of the Republic of North Ossetia-Alania; and the Ministry of Science and Higher Education of the Russian Federation.


News URL

https://threatpost.com/mshtml-flaw-exploited-to-attack-russian-dissidents/179150/

Related Vulnerability

DATE: 2021-09-15
CVE: CVE-2021-40444
VULNERABILITY TITLE: Path Traversal vulnerability in Microsoft products
Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows.
RISK: 8.8 (network, low complexity; microsoft; CWE-22)