Suspected Chinese threat group seen exploiting the Microsoft Office "Follina" flaw

Security researchers have observed suspected Chinese threat actors exploiting "Follina", the Microsoft Office zero-day flaw that was widely publicised this week.

Researchers at security vendor Proofpoint said in a tweet that the Chinese advanced persistent threat (APT) group TA413 was found exploiting the Follina bug (CVE-2022-30190) to deliver a ZIP archive containing malicious Word documents.

"The campaign impersonates the 'Women's Empowerment Desk' of the Central Tibetan Government and uses the domain tibet-gov.web[.]app," the tweets continued.

First seen in 2019, TA413 is believed to be affiliated with the Chinese government. In 2020 it was observed using COVID-themed phishing lures in espionage campaigns against European diplomatic and legislative institutions, non-profit policy research institutes, and global organisations dealing with economic issues. It also distributes malware such as ExileRAT, focusing on the Tibetan diaspora and dissidents.

Another attempt to exploit the vulnerability has been reported by the SANS Internet Storm Center, which received a malicious document that was uploaded from Ireland but whose filename is in Chinese characters. Translated, the filename reads "Mobile phone room for receiving orders-Channel quote-Lowest price for the entire network.docx".

The Follina zero-day allows an attacker to execute arbitrary code through the Microsoft Support Diagnostic Tool (MSDT). All that is required to exploit the vulnerability is for the victim to open the malicious Word document; the attack works even when macros are disabled, and no patch is available yet.

As a mitigation, Microsoft recommends disabling the MSDT URL protocol.

"Disabling the MSDT URL protocol prevents troubleshooters from being launched as links, including links throughout the operating system. Troubleshooters can still be accessed using the Get Help application and in system settings as other or additional troubleshooters."
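The workaround above, as an added PowerShell example that is not part of the article or of Microsoft's published guidance: it audits whether the MSDT URL protocol handler is still registered and, only when asked, backs up and removes the registration. It assumes the registry path HKEY_CLASSES_ROOT\ms-msdt that Microsoft's guidance for CVE-2022-30190 refers to, and must be run from an elevated session.

```powershell
# Added example (not the article's or Microsoft's code). Audits the ms-msdt URL
# protocol registration that Follina (CVE-2022-30190) abuses and, with -Remove,
# applies Microsoft's workaround of deleting it after exporting a backup.
# Assumption: the handler lives at HKEY_CLASSES_ROOT\ms-msdt (run elevated).
[CmdletBinding(SupportsShouldProcess)]
param(
    [switch]$Remove,
    [string]$BackupPath = "$env:ProgramData\ms-msdt-backup.reg"
)

$keyPath = 'Registry::HKEY_CLASSES_ROOT\ms-msdt'

function Get-MsdtProtocolState {
    # Returns the registration state and the command the protocol would launch,
    # so an auditor can confirm the workaround is in place (or still missing).
    if (-not (Test-Path -Path $keyPath)) {
        return [pscustomobject]@{ Registered = $false; Handler = $null }
    }
    $cmd = (Get-ItemProperty -Path "$keyPath\shell\open\command" `
                -ErrorAction SilentlyContinue).'(default)'
    [pscustomobject]@{ Registered = $true; Handler = $cmd }
}

$state = Get-MsdtProtocolState
Write-Output $state

if ($Remove -and $state.Registered) {
    # Export first so the handler can be restored later with: reg import <BackupPath>
    & reg.exe export 'HKEY_CLASSES_ROOT\ms-msdt' $BackupPath /y | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "Backup to $BackupPath failed; leaving the ms-msdt key in place."
    }
    if ($PSCmdlet.ShouldProcess($keyPath, 'Remove ms-msdt URL protocol handler')) {
        Remove-Item -Path $keyPath -Recurse -Force
        Write-Output (Get-MsdtProtocolState)   # re-audit: Registered should now be False
    }
}
```

Run it with `-Remove -WhatIf` to see what would be deleted without changing anything; once Microsoft ships a patch, `reg import` of the backup file restores the handler.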
