The recent increase in state-backed hacking campaigns isn’t ending any time soon: US Cyber Command has reported that unnamed state actors are making “active malicious use” of a 2017-era Outlook vulnerability (long since patched) to escape the email client’s sandbox and run malware on a target system.
Officials didn’t say who was involved in the attempts, but some clues have hinted at a possible connection to Iran.
ZDNet also noted that a known attack by the Iran-backed hacking team APT33 had used the same vulnerability in December to install backdoors on servers and promptly push the flaw to Outlook users. Chronicle Security’s Brandon Levene also found that Cyber Command’s code samples appeared related to APT33’s disk-wiping Shamoon malware. Symantec had also warned of high activity from the group in recent months.
If Iran is backing the campaign, and it’s not a more familiar perpetrator like Russia, then it suggests that political tensions are translating directly to the digital realm; the US is believed to have knocked out Iranian missile and rocket systems with a cyberattack in late June, for instance.