Ukraine Hit by Stealthy Hack Using Old Office Flaw to Deploy Spy Tool

April 29, 2024
  • A hacking campaign in Ukraine exploited a seven-year-old Microsoft Office flaw to deliver Cobalt Strike, a hacker tool.

  • The attack used a malicious PPSX file with a remote link to an external object targeting the CVE-2017-8570 vulnerability.

  • The second stage of the attack featured an HTML file with JavaScript, masked as a Cisco VPN update, to deploy the Cobalt Strike Beacon.

  • At the time of the discovery, the particular Cobalt Strike Beacon used was not detectable by most antivirus engines.

  • Ukrainian military personnel were the focus of the attack, with domain names for the malware delivery disguised as art and photography sites.

  • While the campaign's evidence pointed to Ukraine, a Russian VPS, and a Cobalt Strike Beacon command-and-control server in Poland, the specific actor behind the operations remains unidentified.

  • The report provided Indicators of Compromise to help identify the malicious activity but lacked conclusive attribution.
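
For triage of the first stage described above (a PPSX carrying a remote link to an external object), the following added example, which is not from the report, lists relationships in an Office Open XML package that point outside the file and flags external OLE-object links. The sample package, its part name and the `example.invalid` targets are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
OFFICE_REL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"
MAX_PART = 1_000_000  # do not decompress oversized .rels parts (zip-bomb guard)

def external_relationships(data: bytes):
    """Return (part, type, target) for each relationship marked TargetMode="External"."""
    found = []
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        for info in pkg.infolist():
            if not info.filename.endswith(".rels"):
                continue
            if info.file_size > MAX_PART:
                found.append((info.filename, "oversized", ""))
                continue
            try:
                root = ET.fromstring(pkg.read(info))
            except ET.ParseError:
                found.append((info.filename, "unparseable", ""))
                continue
            for rel in root.iter(f"{{{REL_NS}}}Relationship"):
                if rel.get("TargetMode", "").lower() == "external":
                    found.append((info.filename, rel.get("Type", ""), rel.get("Target", "")))
    return found

def suspicious(found):
    """Keep external OLE-object links and parts that could not be inspected; hyperlinks are routine."""
    flagged = {OFFICE_REL + "oleObject", "unparseable", "oversized"}
    return [f for f in found if f[1] in flagged]

# Constructed sample: one internal layout link, one ordinary hyperlink, one external OLE link.
SAMPLE_RELS = f"""<Relationships xmlns="{REL_NS}">
  <Relationship Id="rId1" Type="{OFFICE_REL}slideLayout" Target="../slideLayouts/slideLayout1.xml"/>
  <Relationship Id="rId2" Type="{OFFICE_REL}hyperlink" Target="https://example.invalid/" TargetMode="External"/>
  <Relationship Id="rId3" Type="{OFFICE_REL}oleObject" Target="https://example.invalid/object" TargetMode="External"/>
</Relationships>"""

def build_sample() -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("ppt/slides/_rels/slide1.xml.rels", SAMPLE_RELS)
    return buf.getvalue()

if __name__ == "__main__":
    for part, rel_type, target in suspicious(external_relationships(build_sample())):
        print(f"{part}: external {rel_type.rsplit('/', 1)[-1]} -> {target}")
```

A hit is a reason to inspect the file, not a verdict: legitimate presentations can link external objects, so the result should be weighed alongside the report's Indicators of Compromise.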

Summary based on 1 source
