Ukraine Hit by Stealthy Hack Using Old Office Flaw to Deploy Spy Tool
April 29, 2024
A hacking campaign in Ukraine exploited a seven-year-old Microsoft Office flaw to deliver Cobalt Strike, a hacker tool.
The attack used a malicious PPSX file with a remote link to an external object targeting the CVE-2017-8570 vulnerability.
The second stage of the attack featured an HTML file with JavaScript, masked as a Cisco VPN update, to deploy the Cobalt Strike Beacon.
At the time of the discovery, the particular Cobalt Strike Beacon used was not detectable by most antivirus engines.
Ukrainian military personnel were the focus of the attack, with domain names for the malware delivery disguised as art and photography sites.
While the campaign's evidence pointed to Ukraine, a Russian VPS, and a Cobalt Strike Beacon command-and-control server in Poland, the specific actor behind the operations remains unidentified.
The report provided Indicators of Compromise to help identify the malicious activity but lacked conclusive attribution.
Summary based on 1 source
Source
Security Affairs • Apr 28, 2024
Targeted operation against Ukraine exploited 7-year-old MS Office bug