Information security specialists from Kaspersky Lab reported that hackers are trying to attack Russian companies through a new vulnerability in Microsoft Office products. At least one attack targeted government agencies. Using the vulnerability, attackers can not only spy on users of the infected system, but also download malicious programs like ransomware viruses into it. Experts expect that hackers will actively exploit the system’s flaw, as users are slow to install updates.
According to Yevgeny Lopatin, head of the complex threat detection department at Kaspersky Lab, attackers are now exploiting the vulnerability by sending a phishing email with a document attachment. An employee only needs to open such a document on his computer for the vulnerability to work, and then malware is downloaded and installed on the victim’s computer.
Rostelecom-Solar has registered one targeted attack on government bodies using this vulnerability, said Igor Zalevsky, head of the Solar JSOC CERT cyber incident investigation department.
The expert added that a number of government systems are still using Internet Explorer as the recommended browser.
This is actually a vulnerability in MSHTML, the engine of the Internet Explorer browser. This part is responsible for displaying the content of the web page (images, fonts, and other files). In this case, MSHTML is used by the Microsoft Office software package to display web content in documents.
The vulnerability in MSHTML allows an attacker to create modified documents with malicious scripts. After compromising the system through this vulnerability, an attacker can install a backdoor.
According to experts, a wave of attacks using the problem in MSHTML is expected. The vulnerability can be exploited both in advanced attacks and in regular phishing emails.