By Ionut Arghire on October 10, 2018
A group of hackers believed to be operating out of China was observed using popular Microsoft Office exploits for the delivery of malware.
The actor, known as KeyBoy, was first identified in 2013 and has been observed mainly targeting governments and other organizations in South East Asia. The group continues to be active, although it has expanded its target list and has even hit the energy sector.
Recently, the group was seen abusing an open source version of the popular CVE-2017-0199 exploit to target India's Ambassador to Ethiopia. The actor used a phishing email with an attached document that would download and execute a script to install the final payload.
According to AlienVault, which has been tracking KeyBoy's activity, the group has also been testing the use of another exploit generator. Because the actor didn't change the default settings in the tool, the document metadata included obvious hints that the document was malicious.
In this case, however, the data hinted at another Office exploit that was previously abused in attacks, namely CVE-2017-8570.
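The metadata clue described above is something a defender can check mechanically: OOXML files (.docx, .xlsx, .pptx) are zip archives whose `docProps/core.xml` carries the author, last-modified-by and timestamp fields that document generators fill in with their defaults. The script below is an added example, not code from the article or from AlienVault; it pulls those fields out of a document and compares the author fields against a watchlist. The watchlist value `exploit-gen-default-author` is a placeholder standing in for whatever default string an analyst has tied to a given tool (the article does not name one), and `build_sample_docx` only constructs a minimal in-memory document so the example runs offline.

```python
"""Extract OOXML core properties and flag author fields that match a watchlist."""
import io
import zipfile
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# XML namespaces used by docProps/core.xml in Word/Excel/PowerPoint files.
NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "dcterms": "http://purl.org/dc/terms/",
}

# Friendly field name -> element path inside core.xml.
FIELDS = {
    "creator": "dc:creator",
    "lastModifiedBy": "cp:lastModifiedBy",
    "title": "dc:title",
    "created": "dcterms:created",
    "modified": "dcterms:modified",
}

# Hypothetical watchlist (placeholder value): author strings an analyst has
# associated with a document generator's unchanged defaults. Compared
# case-insensitively. The article names no specific string.
WATCHLIST = {"exploit-gen-default-author"}


def core_properties(doc_bytes):
    """Return the core-properties fields of an OOXML document as a dict.

    Returns an empty dict if the input is not a zip or has no docProps/core.xml
    (e.g. a legacy binary .doc, which needs OLE parsing instead).
    """
    try:
        with zipfile.ZipFile(io.BytesIO(doc_bytes)) as zf:
            xml_bytes = zf.read("docProps/core.xml")
    except (zipfile.BadZipFile, KeyError):
        return {}
    # For files from untrusted senders, prefer defusedxml.ElementTree here;
    # the stdlib parser is used to keep this example dependency-free.
    root = ET.fromstring(xml_bytes)
    props = {}
    for name, path in FIELDS.items():
        el = root.find(path, NS)
        if el is not None and el.text:
            props[name] = el.text.strip()
    return props


def suspicious_fields(props, watchlist=WATCHLIST):
    """Return (field, value) pairs whose value matches the watchlist."""
    hits = []
    for name in ("creator", "lastModifiedBy"):
        value = props.get(name)
        if value and value.lower() in watchlist:
            hits.append((name, value))
    return hits


def build_sample_docx(creator):
    """Construct a minimal in-memory OOXML package with the given author.

    Only the parts this example reads are included; it is sample input,
    not a real document.
    """
    core = (
        '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
        '<cp:coreProperties xmlns:cp="%s" xmlns:dc="%s" xmlns:dcterms="%s" '
        'xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">'
        "<dc:creator>%s</dc:creator>"
        "<cp:lastModifiedBy>%s</cp:lastModifiedBy>"
        '<dcterms:created xsi:type="dcterms:W3CDTF">2018-10-01T00:00:00Z</dcterms:created>'
        "</cp:coreProperties>"
    ) % (NS["cp"], NS["dc"], NS["dcterms"], escape(creator), escape(creator))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(
            "[Content_Types].xml",
            '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"/>',
        )
        zf.writestr("docProps/core.xml", core)
    return buf.getvalue()


if __name__ == "__main__":
    for author in ("EXPLOIT-GEN-DEFAULT-AUTHOR", "Jane Doe"):
        props = core_properties(build_sample_docx(author))
        print(props, "->", suspicious_fields(props) or "no watchlist hits")
```

In practice you would feed `core_properties` the bytes of an attachment pulled from mail quarantine and extend the watchlist as you learn which default strings particular generators leave behind; a hit is a triage signal for a sandbox detonation, not proof of maliciousness on its own, since legitimate templates also carry stale author fields.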