April 25, 2024

China-backed hackers are exploiting an unpatched Microsoft Office zero-day vulnerability, known as “Follina”, to execute malicious code remotely on Windows systems.

Microsoft has warned that the flaw could enable threat actors to install programs, delete data, and create new accounts in the context allowed by the user’s rights.

Researchers observed hackers exploiting the flaw to target Russian and Belarussian users since April, and Enterprise security firm Proofpoint said this week that a Chinese state-sponsored hacking group has been exploiting the zero-day in attacks targeting the international Tibetan community.

Advertisements

“TA413 CN APT spotted [in-the-wild] exploiting the Follina zero-day using URLs to deliver ZIP archives which contain Word Documents that use the technique,”. Campaigns impersonate the ‘Women Empowerments Desk’ of the Central Tibetan Administration and use the domain tibet-gov.web[.]app.”

Proofpoint has previously observed the TA413 threat actor – also tracked as “LuckyCat” and “Earth Berberoka” – targeting Tibetan organizations using malicious browser extensions and COVID-19 themed espionage campaigns.

While waiting for a security patch, Microsoft recommends disabling the MSDT URL Protocol as workarounds, below are the instructions included in the guidance:

Tags:

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

You may have missed

Google Fixes Critical Vulnerability in Chrome -CVE-2024-4058

April 24, 2024

Red Ransomware Victimized Targus

April 23, 2024

Oracle Virtual Box Vulnerability PoC Released – CVE-2024-21111

April 22, 2024

CrushFTP Zeroday Vulnerability Exploited in Wild attack

April 21, 2024

TheCyberThrone Security Week In Review – April 20, 2024

April 21, 2024

MITRE Breached Exploiting Ivanti Zeroday

April 20, 2024

Discover more from TheCyberThrone

Subscribe now to keep reading and get access to the full archive.

Continue reading