China-Linked Hackers Are Exploiting a New Vulnerability
Chinese government-linked hackers are already using a newly found vulnerability in Microsoft Office.
According to information released by Proofpoint on Twitter, a hacking group known as TA413 was using the vulnerability in malicious Word documents purporting to come from the Central Tibetan Administration, the Tibetan government in exile based in Dharamsala, India. TA413 is an APT, or "advanced persistent threat," actor previously spotted targeting the Tibetan exile population.
In general, Chinese hackers have a history of targeting Tibetans by exploiting software security holes. Citizen Lab published a report in 2019 detailing extensive spyware targeting Tibetan political officials, including through Android browser exploits and malicious links transmitted via WhatsApp. Hackers have also weaponized browser extensions: Proofpoint previously discovered the deployment of a malicious Firefox add-on to eavesdrop on Tibetan activists.
Microsoft has now formally acknowledged the vulnerability, tracked as CVE-2022-30190, although it had ignored previous reports of the same flaw.
The Microsoft Word vulnerability first gained significant attention on May 27th, when a security research group known as Nao Sec took to Twitter to discuss a sample submitted to the web malware scanning service VirusTotal. According to Nao Sec's tweet, the malicious code was delivered in Microsoft Word documents, and hackers used it to execute instructions via PowerShell, a sophisticated system management tool for Windows.
According to Microsoft's security response blog, an attacker who exploits the vulnerability could install programs; access, change, or delete data; and even create new user accounts on a compromised system. So far, Microsoft has not released an official patch but has provided mitigation steps for the vulnerability, including manually disabling the MSDT tool's URL loading feature. The potential attack surface for the vulnerability is extensive due to the widespread use of Microsoft Office and related products.
The post China-Linked Hackers Are Exploiting a New Vulnerability appeared first on forexinsider24.com.