A social engineering project leveraging job-themed lures is weaponizing a years-old remote code execution defect in Microsoft Workplace to release Cobalt Strike beacons on jeopardized hosts.
” The payload found is a dripped variation of a Cobalt Strike beacon,” Cisco Talos scientists Chetan Raghuprasad and Vanja Svajcer stated in a brand-new analysis released Wednesday.
” The beacon setup consists of commands to carry out targeted procedure injection of approximate binaries and has a high credibility domain set up, displaying the redirection strategy to masquerade the beacon’s traffic.”.
The destructive activity, found in August 2022, tries to make use of the vulnerability CVE-2017-0199, a remote code execution concern in Microsoft Workplace, that permits an assaulter to take control of an afflicted system.
The entry vector for the attack is a phishing e-mail including a Microsoft Word accessory that uses job-themed lures for functions in the U.S. federal government and Civil service Association, a trade union based in New Zealand.
Cobalt Strike beacons are far from the only malware samples released, for Cisco Talos stated it has actually likewise observed the use of the Redline Thief and Amadey botnet executables as payloads at the other end of the attack chain.
Read the full article here