
Microsoft has detailed a March attack on Windows customers in the satellite and communications sectors using "unusual, interesting techniques" that bear the hallmarks of the APT group MuddyWater. The company's Office 365 ATP picked up archive (ACE) files weaponised with the recently discovered WinRAR flaw, CVE-2018-20250, which has become widely used among cybercrime groups and nation-state hackers in recent months. The bug was co-opted for hacking after a February 20 report from the Israeli security firm Check Point revealed that a malicious ACE file could place malware anywhere on a Windows PC once it was extracted by WinRAR. Those locations include the Windows Startup folder, where the dropped file would execute automatically on each reboot. A month before Check Point's report, the WinRAR developers released a new version that dropped support for ACE, because they were unable to update the library in WinRAR, Unacev2.dll, that contained the directory traversal flaw. However, by March, when Microsoft detected this attack, it is likely that a large share of the world's 500 million WinRAR users had not yet updated to the non-ACE version or removed the vulnerable DLL.

The MuddyWater group's activities were first spotted in 2017. It is known to target users in the Middle East, Europe, and the US, and it frequently doctors up phishing documents to appear as if they come from the security arms of various governments.
