Russian hackers start targeting Ukraine with Follina exploits
2022-06-13 14:28

Ukraine's Computer Emergency Response Team (CERT-UA) is warning that the Russian hacking group Sandworm may be exploiting Follina, a remote code execution vulnerability in the Microsoft Windows Support Diagnostic Tool (MSDT) currently tracked as CVE-2022-30190.

It is worth noting that the Ukrainian agency assesses with medium confidence that the Sandworm hacker group is behind the malicious activity.

CERT-UA says that Russian hackers launched a new malicious email campaign leveraging Follina, targeting more than 500 recipients at various media organizations in Ukraine, including radio stations and newspapers.

Sandworm has been targeting Ukraine constantly over the past few years, and the frequency of attacks increased after the Russian invasion of Ukraine.

In April, it was discovered that Sandworm attempted to take down a large Ukrainian energy provider by targeting its electrical substations with a new variant of the Industroyer malware.

In February, security researchers discovered that Sandworm was the group responsible for creating and operating the Cyclops Blink botnet, a highly persistent malware relying on firmware manipulation.


News URL

https://www.bleepingcomputer.com/news/security/russian-hackers-start-targeting-ukraine-with-follina-exploits/

Related Vulnerability

DATE: 2022-06-01
CVE: CVE-2022-30190
VULNERABILITY TITLE: Externally Controlled Reference to a Resource in Another Sphere vulnerability in Microsoft products
Description: A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word.
Vendor: microsoft
CWE: CWE-610
RISK: 7.8 (local, low complexity)