Search This Blog

Powered by Blogger.

Blog Archive

Labels

Word Document Scam Alert: Windows Users Vulnerable to Cyber Exploits

Russian entities are targeted in a widespread security threat exploiting a zero-day vulnerability in Microsoft Word.

 


As a result of a recently discovered bug, hackers are able to execute remote code in all versions of Microsoft's proprietary MSHTML browser engine without having to install the application. There is a zero-day vulnerability in Microsoft Word that attackers are taking advantage of by crafting specially crafted documents. 

Microsoft's products such as Skype, Visual Studio, and Microsoft Outlook, as well as several others, also use MSHTML, so the problem really is widespread, since MSHTML is also used by several Microsoft products. A zero-day vulnerability in a Windows tool has been exploited by hackers via malicious Word documents to be able to compromise networks that have been protected by Microsoft's workaround for administrators. 

The Google-owned antivirus service VirusTotal detected a malicious Word document uploaded on 25 May from a Belarusian IP address on its website that was uploaded on the weekend.  As a result of Kevin Beaumont's analysis, he discovered that despite macros being disabled, the malicious document - or "malloc" - was able to generate code through the legitimate Microsoft Support Diagnostic Tool (msdt.exe) despite the fact that macros were enabled. 

MSDT is accessed through the ms-msdt URL protocol in Windows from the malicious Word document in order to execute the malware. There is now a "troubleshooter pack" available for download from the MSDT website.  Using malicious Microsoft Word documents, North Koreans are attempting to steal sensitive information from Russian targets by exploiting the weaknesses in the security software. 

A Fortinet researcher named Cara Lin made the following observation about how a group called Konni (although there are so many similarities between it and Kimsuky aka APT43 that it is also possible that it could be this group) attempted to deliver a malicious Russian-language Microsoft document in the form of an attachment. This malware has the appearance of a macro, which is typical of malware that is downloaded as a file. 

According to the document that is being distributed, there is an article in the Russian language, which apparently describes Western assessments on the progress of the Special Military Operation. It is noted in the piece that The Hacker News commented that Konni is a "notable" application for its anti-Russian values.  

A majority of the time, the group would engage in spear-phishing emails and malicious documents in an attempt to gain access to targets' endpoints, which was done by spear-phishing. It has been reported that earlier attacks taken advantage of a vulnerability in WinRAR (CVE-2023-38831) were spotted by cybersecurity researchers Knowsec and ThreatMon, it has been reported. 

A major objective of Konni is to smuggle data and conduct espionage activities around the world, as reported by ThreatMon. During this process, the group uses a wide array of malware and tools in order to accomplish its objectives, frequently adapting its tactics in order to avoid detection by the authorities. The sabotage of Russian firms by North Korean hackers is not the first instance on which we have seen similar attacks.
Share it:

Cyber Exploits

CyberCrime

Document

Document Scam

Ms Words

MSHTML

Scam Alert

skype

Visual Studio

Vulnerablities and Exploits