AskCyberSecurity.com

Cyber Security News & Information


US Cyber Command Warns of Iranian Cyber Attack on MS Outlook

2019-07-03 by Michelle Dvorak

Iranian Hacking MS Outlook – Targets Government Agencies

United States Cyber Command (USCYBERCOM) issued a warning via Twitter that an Advanced Persistent Threat (APT) group is targeting US government agencies with a known Microsoft Outlook vulnerability, CVE-2017-11774. Previous attacks exploiting this vulnerability have been attributed to the Iranian hacking group APT33. All machines running Microsoft Outlook should be patched immediately if they have not been already.

CVE-2017-11774 is a security feature bypass in Microsoft Outlook that lets an attacker run arbitrary commands on a victim's machine, including downloading and executing malware. This attack vector has been used by the state-sponsored hacking group APT33, also known as Elfin, Magnallium, or Refined Kitten, an advanced persistent threat group that has been linked to the Shamoon wiper malware. The vulnerability was first disclosed and patched in 2017 and was being exploited by APT33 by the end of 2018. In the reported campaigns, the attackers used backdoors on compromised web servers to host their payloads and the CVE-2017-11774 exploit to infect Outlook users with that malware.


This is not a new vulnerability or a new exploit. Microsoft published a patch for the flaw on October 10, 2017.

CVE-2017-11774 Microsoft Outlook Security Feature Bypass Vulnerability
Published: 10/10/2017
MITRE CVE-2017-11774

“A security feature bypass vulnerability exists when Microsoft Outlook improperly handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary commands.
In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit the vulnerability, and then convince users to open the document file and interact with the document.

The security update addresses the vulnerability by correcting how Microsoft Outlook handles objects in memory.”

The problem affects Microsoft Outlook, a popular mail client for business and personal users. On an unpatched machine, an attacker can exploit the vulnerability to execute commands, including downloading and running malware.

This is not a new security flaw; it was fixed long ago. The current campaign relies on unpatched software rather than a new technique: attackers use tried and true methods to compromise machines that missed the update. This time the target is US government agencies. Immediate patching is recommended. The fix for this vulnerability was released in October 2017, so to mitigate this attack and secure networks and computers, every machine running Microsoft Outlook should be updated with the latest security updates.

The Tweet read, “USCYBERCOM has discovered active malicious use of CVE-2017-11774 and recommends immediate #patching. Malware is currently delivered from: ‘hxxps://customermgmt.net/page/macrocosm’ #cybersecurity #infosec”

— USCYBERCOM Malware Alert (@CNMF_VirusAlert) July 2, 2019

It is common practice to substitute the letter “t” in https with the letter “x” (“hxxps”) when sharing a malicious URL, so that no one inadvertently clicks a link that would take them to the malicious server.
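As an added example (not part of the original article, and not USCYBERCOM's or the site's code), the Python helper below refangs a defanged indicator like the one in the tweet back into a real URL for blocklists or log searches, defangs real URLs before they are pasted into a report, and pulls URLs out of free text such as the tweet. The tweet text and the customermgmt.net URL are the ones quoted above; the function names and the bracket-dot conventions it handles are my choices, and the IP address used in the usage note is a constructed sample.

```python
import re
from typing import List
from urllib.parse import urlsplit

# The USCYBERCOM tweet quoted in the article, used here as sample input.
TWEET = ("USCYBERCOM has discovered active malicious use of CVE-2017-11774 and "
         "recommends immediate #patching. Malware is currently delivered from: "
         "‘hxxps://customermgmt.net/page/macrocosm’ #cybersecurity #infosec")

# Defanging conventions seen in threat-intel reporting: hxxp/fxp schemes and
# bracketed separators. Refanging reverses them; order matters only in that the
# scheme rules are anchored to the start of the string.
_REFANG_RULES = [
    (re.compile(r"^hxxp(s?)://", re.IGNORECASE), r"http\1://"),
    (re.compile(r"^fxp://", re.IGNORECASE), "ftp://"),
    (re.compile(r"\[://\]"), "://"),
    (re.compile(r"\[\.\]|\(\.\)|\{\.\}|\[dot\]", re.IGNORECASE), "."),
    (re.compile(r"\[:\]"), ":"),
    (re.compile(r"\[@\]|\[at\]", re.IGNORECASE), "@"),
]

# A defanged or real URL embedded in prose; the character class stops at
# whitespace, quotes (including curly ones) and brackets.
_URL_IN_TEXT = re.compile(
    r"\b(?:hxxp|http|fxp|ftp)s?://[^\s'\"‘’<>()]+", re.IGNORECASE)

_DEFANG_SCHEME = {"http": "hxxp", "https": "hxxps", "ftp": "fxp"}


def refang(indicator: str) -> str:
    """Turn a defanged indicator back into a real, machine-usable URL or host."""
    s = indicator.strip()
    for pattern, replacement in _REFANG_RULES:
        s = pattern.sub(replacement, s)
    return s


def defang(indicator: str) -> str:
    """Make a URL or host non-clickable: hxxp-style scheme, dots in the host
    replaced with [.]; the path, query and fragment are left readable."""
    s = refang(indicator)  # normalise first so an already-defanged input is not mangled
    if "://" in s:
        parts = urlsplit(s)
        scheme = _DEFANG_SCHEME.get(parts.scheme.lower(), parts.scheme)
        rest = parts.path
        if parts.query:
            rest += "?" + parts.query
        if parts.fragment:
            rest += "#" + parts.fragment
        return f"{scheme}://{parts.netloc.replace('.', '[.]')}{rest}"
    # Bare host or IP, optionally followed by a path.
    host, sep, rest = s.partition("/")
    return host.replace(".", "[.]") + sep + rest


def extract_urls(text: str) -> List[str]:
    """Find defanged or live URLs in free text and return them refanged."""
    found = []
    for match in _URL_IN_TEXT.finditer(text):
        found.append(refang(match.group(0).rstrip(".,;")))
    return found


if __name__ == "__main__":
    for url in extract_urls(TWEET):
        print("refanged:", url)
        print("defanged:", defang(url))
```

Refang only at the point where a machine consumes the indicator (a blocklist, a SIEM query); keep the defanged form everywhere a human might click, including chat and ticketing systems that auto-link anything that looks like a URL.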

In 2017, the British National Health Service (NHS) was disrupted when unpatched Windows computers across its network were infected with WannaCry ransomware. WannaCry also spread to Taiwan, Russia, and other parts of Europe. It did not spread to machines that had installed the security update (MS17-010) fixing the SMB vulnerability WannaCry exploits.


What is U.S. Cyber Command (USCYBERCOM)?

United States Cyber Command (USCYBERCOM) is located at Fort Meade, Maryland and is one of ten unified combatant commands of the United States Department of Defense. USCYBERCOM was established in 2009 to direct US military cyberspace operations and expertise. Part of its mission is to identify threats to and defend US government and military computers and networks against hackers and advanced persistent threat groups like APT33. The command does not issue warnings about financially motivated hackers; it focuses on state-sponsored hacking groups.

Last week USCYBERCOM and Iran exchanged cyber attacks. The United States was responding to APT33's use of wiper malware against US assets and was also retaliating for the downing of an expensive military drone. Now Iran is targeting government agencies in search of vulnerable networks and devices.

Who is APT33?

APT33 is a state-sponsored advanced persistent threat group associated with Iran. The group, also referred to as Elfin, Magnallium, or Refined Kitten, has been active since at least 2013. Like many APT groups, APT33 targets specific industries: in its case, the aviation industry and petrochemical producers. Most of its targets are in the Middle East, notably Saudi Arabia, with others in the United States, South Korea, and Europe.

USCYBERCOM has not attributed this increase in attacks to APT33. Symantec and the US Department of Homeland Security both issued similar warnings in recent months about increased APT33 activity. State-sponsored hacking groups carry several alternate names because each security vendor assigns its own codename when it tracks a group, which is why APT33 is also called Elfin, Magnallium, and Refined Kitten. The advanced persistent threat group widely assessed to be linked to the United States is referred to as the Equation Group.

Filed Under: Government Cyber Security Tagged With: APT33, Iran

About Michelle Dvorak

Michelle writes about cyber security and data privacy, focusing on social media privacy and how to protect IoT devices. She has worked in internet technology for over 20 years and owns METRONY, LLC. Michelle earned a B.S. in Engineering from Rensselaer Polytechnic Institute and published a guide to Cyber Security for Business Travelers.


Copyright © 2023 · AskCyberSecurity.com · METRONY, LLC
