It is not known what type of malware family CrescentImp belongs to or what its functionality is.Ī new series of attacks targeting government agencies in Europe and the United States using the Follina" vulnerability. There are a few indicators of compromise provided by CERT-UA that can help defenders detect CrescentImp infections. The advisory also stated that Russian hackers launched new campaigns leveraging Follina, sending malignant email messages to over 500 media outlets in Ukraine including radio stations and newspapers. Ukraine CERT Warns: CERT Ukraine warns that Sandworm may be exploiting Follina since April 2022.
The Long Sought Patch: Microsoft finally released fixes to address an actively exploited Windows zero-day vulnerability known as Follina as part of its Patch Tuesday updates. The Rozena backdoor malware can be used to inject a remote shell connection back to the attacker. Yet another malware delivered via Follina: New Woody Rat malware is delivered onto victim networks through phishing emails targeting the Follina vulnerability in Microsoft Office documents.įollina now Opens Rozena: A newly observed phishing campaign exploits the recently disclosed Follina security vulnerability to distribute a previously undocumented backdoor (Rozena) on Windows systems. However, the researcher who first reported the zero-day stated that Microsoft first classified the hole as “not a security-related problem” and later notified the researcher that the problem has been resolved, although no patch appears to be available. This Follina zero-day was first reported to Microsoft on April 12, 2022, when Word documents impersonated Russia's Sputnik news agency by offering recipients a radio interview and were discovered exploiting the bug in the wild.
On May 27, 2022, researchers have publicly disclosed a zero-day vulnerability in Microsoft Office that could be exploited by sending malicious Word documents to a victim's computer, allowing remote code execution. TA413, a Chinese state-sponsored threat actor, is now found to be exploiting the Follina Zero-day vulnerability to use it against the International Tibetan community.
An unpatched vulnerability tracked as CVE-2022-30190 (aka Follina) in the remote Word template feature enables adversaries to execute malicious code on targeted systems of Microsoft Office.
0 kommentar(er)
