Hackers are targeting U.S. government networks, according to U.S. Cyber Command, which says attackers are exploiting CVE-2017-1174, a two-year-old flaw in Microsoft Outlook, to install remote access Trojans and other malware.
U.S. Cyber Command recommends patching the vulnerability to prevent exploitation. The known flaw can be exploited by an intruder who has gained access to a user’s credentials, which is usually accomplished through phishing attacks. Once the attacker has obtained Outlook credentials, the attacker can change the user’s home page to a page the attackers have infected with malicious code that activates when Outlook is opened.
Security researchers believe the attacks are being launched by the Iran-backed group APT33 and are a response to the political tensions with Iran. According to the security researchers, APT33 has been using brute-force attacks with commonly used passwords.
The cyber tensions between the U.S. and Iran are continuing and do not look like they will stop in the near future. U.S. businesses are being attacked and are caught in the crossfire, so it is important to follow the warnings provided by U.S. Cyber Command and US-CERT (Computer Emergency Readiness Team) to stay abreast of new threats and vulnerabilities. Since these latest attacks rely on brute force, educating employees on these threats and reinforcing strong passphrases is an obvious first response.