Security News > 2022 > June > Chinese Hackers Begin Exploiting Latest Microsoft Office Zero-Day Vulnerability
An advanced persistent threat actor aligned with Chinese state interests has been observed weaponizing the new zero-day flaw in Microsoft Office to achieve code execution on affected systems.
"TA413 CN APT spotted exploiting the Follina zero-day using URLs to deliver ZIP archives which contain Word Documents that use the technique," enterprise security firm Proofpoint said in a tweet.
While the bug gained widespread attention last week, evidence points to the active exploitation of the diagnostic tool flaw in real-world attacks targeting Russian users over a month ago on April 12, 2022, when it was disclosed to Microsoft.
The vulnerability exists in all currently supported Windows versions and can be exploited via Microsoft Office versions Office 2013 through Office 21 and Office Professional Plus editions.
"This elegant attack is designed to bypass security products and fly under the radar by leveraging Microsoft Office's remote template feature and the ms-msdt protocol to execute malicious code, all without the need for macros," Malwarebytes' Jerome Segura noted.
"What makes 'Follina' stand out is that this exploit does not take advantage of Office macros and it works even in environments where macros have been disabled entirely," Nikolas Cemerikic of Immersive Labs said.
News URL
https://thehackernews.com/2022/05/chinese-hackers-begin-exploiting-latest.html
Related news
- Hackers target critical zero-day vulnerability in PTZ cameras (source)
- Microsoft: Chinese hackers use Quad7 botnet to steal credentials (source)
- Chinese hackers exploit Fortinet VPN zero-day to steal credentials (source)
- U.S. Charges Chinese Hacker for Exploiting Zero-Day in 81,000 Sophos Firewalls (source)
- Sophos reveals 5-year battle with Chinese hackers attacking network devices (source)
- Microsoft Warns of Chinese Botnet Exploiting Router Flaws for Credential Theft (source)
- Google’s AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine (source)
- Sophos Versus the Chinese Hackers (source)
- FBI Seeks Public Help to Identify Chinese Hackers Behind Global Cyber Intrusions (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 91 flaws (source)