Office 365 Team Discovers Phishing Email Pushing WinRAR Exploit

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
A recent targeted attack against organizations in the satellite and communications industry echoes techniques seen in campaigns from cyberespionage group MuddyWater.

The attack leveraged the recently reported 19-year old vulnerability (CVE-2018-20250) in WinRAR (now patched) to launch a convoluted infection chain in an attempt to run a fileless PowerShell backdoor. Successful compromise could grant the adversary full control of the target machine.

With over 100 distinct exploits emerging in the first week after disclosure in February, the WinRAR vulnerability was not an opportunity to be missed, even by the more sophisticated cyberespionage groups.

Office 365 Advanced Threat Protection (ATP) spotted the malicious file carrying the exploit for the WinRAR ACE vulnerability. Noticing an aattack with a higher sophistication level, the Office 365 ATP Research Team started to analyze the incident.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top