US Cyber Command Issues Alert Regarding Hackers Actively Exploiting Outlook Vulnerability

US Cyber Command issued an alert regarding threat actors actively abusing an Outlook vulnerability, CVE-2017-11774, to plant malware on government networks. CVE-2017-11774 is a security feature bypass in Microsoft Outlook: an attacker who already holds a user's mailbox credentials can configure a folder "home page" so that Outlook loads an attacker-controlled web page and executes script on the workstation, outside the client's sandbox. Microsoft released a fix for it in October 2017. The same vulnerability was exploited in 2018 by the Iranian state-sponsored advanced persistent threat known as APT33. The malware samples recently uploaded by Cyber Command to VirusTotal appear to be related to Shamoon activity, which is also associated with APT33. These samples include tools used for manipulating web servers and downloading additional malware onto infected networks. The NJCCIC recommends that users and administrators apply updates to hardware and software as they become available and after appropriate testing; for this vulnerability, that means confirming the October 2017 Outlook security update (or a later one) is installed on every endpoint. Because exploitation requires valid mailbox credentials, users are highly encouraged to enable multi-factor authentication where available. More information can be found in the ZDNet article and the FireEye report.
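The alert does not describe how to check an endpoint for the configuration CVE-2017-11774 abuses. The following PowerShell script is an added example, not code from the NJCCIC alert, Cyber Command or FireEye. It enumerates Outlook folder home pages configured for the current user and reports whether the post-patch hardening values that disable roaming home pages and non-default-store script have been switched back on. The registry locations (Office versions 14.0 through 16.0, the WebView and Security subkeys, and the two value names) are stated as assumptions from Microsoft's and FireEye's published guidance; verify them against Microsoft's advisory for your Office build before acting on the results.

```powershell
# Added example (not from the NJCCIC alert or any vendor): hunt for Outlook folder
# home pages and weakened hardening settings related to CVE-2017-11774 on the
# current user's profile. Registry paths below are assumptions drawn from public
# vendor guidance; confirm them for your Office version before relying on this.

function Get-OutlookHomePageFindings {
    # Office 2010, 2013 and 2016/365 respectively (assumed version keys).
    $versions = @('14.0', '15.0', '16.0')
    $findings = @()

    foreach ($v in $versions) {
        # Each subkey under WebView is an Outlook folder (Inbox, Calendar, ...).
        # A non-empty URL value means Outlook renders that page in place of the folder.
        $webView = "HKCU:\Software\Microsoft\Office\$v\Outlook\WebView"
        if (Test-Path $webView) {
            foreach ($folder in Get-ChildItem -Path $webView) {
                $url = (Get-ItemProperty -Path $folder.PSPath -Name 'URL' -ErrorAction SilentlyContinue).URL
                if ($url) {
                    $findings += [pscustomobject]@{
                        Version = $v
                        Type    = 'FolderHomePage'
                        Name    = $folder.PSChildName
                        Value   = $url
                        Note    = 'Folder home page set; treat any external URL as suspicious'
                    }
                }
            }
        }

        # After the October 2017 update these values default to disabled (0).
        # A value of 1 re-enables the behaviour the patch closed off. Check both the
        # per-user key and the Group Policy key (assumed paths).
        $securityKeys = @(
            "HKCU:\Software\Microsoft\Office\$v\Outlook\Security",
            "HKCU:\Software\Policies\Microsoft\Office\$v\Outlook\Security"
        )
        foreach ($key in $securityKeys) {
            if (-not (Test-Path $key)) { continue }
            foreach ($name in @('EnableRoamingFolderHomepages', 'NonDefaultStoreScript')) {
                $val = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
                if ($val -eq 1) {
                    $findings += [pscustomobject]@{
                        Version = $v
                        Type    = 'HardeningDisabled'
                        Name    = $name
                        Value   = "$key = 1"
                        Note    = 'Post-patch hardening re-enabled; expected 0 or absent'
                    }
                }
            }
        }
    }
    return $findings
}

$results = Get-OutlookHomePageFindings
if ($results.Count -eq 0) {
    Write-Output 'No Outlook folder home pages or weakened hardening values found for this user.'
} else {
    $results | Format-Table -AutoSize
}
```

Run it in the context of each user whose mailbox could have been reached with stolen credentials; for a fleet-wide sweep, run it through your endpoint management tool under the logged-on user rather than as SYSTEM, since the keys live in HKCU. The check covers home pages written to the local registry. A home page that an attacker set directly on the mailbox folder through Exchange is rendered from the mailbox rather than the registry, so the presence of the patch and a disabled EnableRoamingFolderHomepages value, not an empty WebView key, is what actually blocks that path.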

Tags: Alert, NJCCIC, malware, APT