By Alastair Stevenson
Hackers are using patched vulnerabilities in Microsoft’s Office services to infiltrate European government agencies’ networks and harvest data from Internet Explorer and Outlook, according to Trend Micro researchers.
Trend Micro’s Jonathan Leopando reported a wave of new targeted attacks on Microsoft services, delivered in what purport to be legitimate email messages from the Chinese Ministry of National Defense. Leopando said the attacks are directed at European government officials and contain malware designed to siphon data from them.
“This particular attack was aimed primarily at both personnel belonging to Europe and Asia governments. The message was sent to 16 officials representing European countries alone. The topic of the email – and the attached document – would be of interest to these targets,” he wrote.
“The exploit is used to drop a backdoor onto the system, which steals login credentials for websites and email accounts from Internet Explorer and Microsoft Outlook. (It also opens a legitimate ‘dummy’ document, to make the target believe that nothing malicious happened.)”
Leopando said the evidence suggests that, despite the subject of the message, the origin of the attack remains unclear. “The email claimed to be from the Chinese Ministry of National Defense, although it appears to have been sent from a Gmail account and did not use a Chinese name,” wrote Leopando.
“It’s worth noting, however, that Chinese media organisations were also targeted by this attack. The backdoor itself has also been detected in the wild, but, interestingly, it has been most frequently seen in China and Taiwan, with a more limited presence in other Asian countries.”
Leopando said the vulnerabilities targeted in the campaign are a common entry point into company and government networks for hackers. “The vulnerability used in this attack is one that is commonly used by targeted attacks. High-profile campaigns like Safe and Taidoor have made use of this vulnerability; if anything it’s a commonly targeted flaw in sophisticated campaigns,” he wrote.
The continued success of campaigns targeting the flaw is largely down to companies’ and governments’ slow patch cycles, as numerous security services capable of mitigating the threat are already publicly available. Slow update cycles have been a constant issue for Microsoft, which releases regular security patches to fix any new vulnerabilities in its services and software.