Security News > 2022 > June > Chinese Hackers Begin Exploiting Latest Microsoft Office Zero-Day Vulnerability
An advanced persistent threat actor aligned with Chinese state interests has been observed weaponizing the new zero-day flaw in Microsoft Office to achieve code execution on affected systems.
"TA413 CN APT spotted exploiting the Follina zero-day using URLs to deliver ZIP archives which contain Word Documents that use the technique," enterprise security firm Proofpoint said in a tweet.
While the bug gained widespread attention last week, evidence points to the active exploitation of the diagnostic tool flaw in real-world attacks targeting Russian users over a month ago on April 12, 2022, when it was disclosed to Microsoft.
The vulnerability exists in all currently supported Windows versions and can be exploited via Microsoft Office versions Office 2013 through Office 21 and Office Professional Plus editions.
"This elegant attack is designed to bypass security products and fly under the radar by leveraging Microsoft Office's remote template feature and the ms-msdt protocol to execute malicious code, all without the need for macros," Malwarebytes' Jerome Segura noted.
"What makes 'Follina' stand out is that this exploit does not take advantage of Office macros and it works even in environments where macros have been disabled entirely," Nikolas Cemerikic of Immersive Labs said.
News URL
https://thehackernews.com/2022/05/chinese-hackers-begin-exploiting-latest.html
Related news
- Microsoft Office 2024 now available for Windows and macOS users (source)
- Hackers target critical zero-day vulnerability in PTZ cameras (source)
- Microsoft: Chinese hackers use Quad7 botnet to steal credentials (source)
- Chinese hackers exploit Fortinet VPN zero-day to steal credentials (source)
- A Hacker's Era: Why Microsoft 365 Protection Reigns Supreme (source)
- Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (source)
- Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws (source)
- Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572) (source)
- Week in review: Microsoft fixes two exploited zero-days, SOC teams are losing trust in security tools (source)
- Microsoft Reveals macOS Vulnerability that Bypasses Privacy Controls in Safari Browser (source)