One Microsoft Office Exploit Has Become Very Popular with Cyber-Espionage Groups

Alkajak

Thread author
CVE-2015-2545 is the identifier of a security bug in Microsoft Office that has become very popular with many cyber-espionage groups around the world, such as Platinum, Danti, APT16, Ke3chang, and SVCMONDR.

CVE-2015-2545 allows an attacker to execute malicious code on the user's machine and take over their device by embedding a malicious EPS (Encapsulated PostScript) payload inside Office docs.

The bug affects Office installations running on 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1, and was fixed in Microsoft's security bulletin MS15-099.

CVE-2015-2545 was a zero-day at the time it was fixed

In fact, Microsoft patched the issue to begin with because of a targeted cyber-attack. Back in August 2015, Microsoft's experts noticed the Platinum APT leveraged a never-before-seen exploit (called zero-day) against targets in South-East Asia, mostly against government agencies in Malaysia, Indonesia, China, and India.

The company patched the issue, later known as CVE-2015-2545, and all attacks immediately stopped, even if the Platinum group continued to operate.

Things quieted down for two months, and in November 2015, another cyber-espionage group, APT16, integrated the same exploit for a campaign aimed at news agencies and Taiwan politicians.

CVE-2015-2545 became very popular, very quickly.

Full Article: One Microsoft Office Exploit Has Become Very Popular with Cyber-Espionage Groups
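
A triage sketch added here, not part of the original post or the linked article: since the exploit is delivered as an EPS image embedded in an Office document, this lists EPS-looking parts inside an OOXML (.docx/.xlsx/.pptx) package by extension and by header bytes. The function names and the sample documents are constructed for illustration; a hit marks a file for review, it does not prove exploitation, and legacy OLE .doc files are assumed out of scope.

```python
import io
import zipfile

# Header bytes: ASCII PostScript/EPS ("%!PS...") and the DOS-style binary EPS header.
EPS_MAGICS = (b"%!PS", b"\xc5\xd0\xd3\xc6")


def find_eps_parts(doc_bytes):
    """Return [(part name, reason)] for every EPS-looking part in an OOXML file."""
    hits = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(doc_bytes))
    except zipfile.BadZipFile:
        return hits  # not a ZIP container (e.g. legacy OLE .doc), not handled here
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            with archive.open(info) as part:
                head = part.read(32)
            name = info.filename.lower()
            has_magic = head.lstrip().startswith(EPS_MAGICS)
            if has_magic and not name.endswith((".eps", ".ps")):
                # EPS data hidden behind another extension deserves a closer look
                hits.append((info.filename, "EPS content under non-EPS name"))
            elif has_magic or name.endswith(".eps"):
                hits.append((info.filename, "EPS part"))
    return hits


def build_sample(parts):
    """Build a constructed, harmless OOXML-like ZIP from {part name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in parts.items():
            z.writestr(name, data)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed sample: a document part plus a benign EPS header stub.
    sample = build_sample({
        "word/document.xml": b"<w:document/>",
        "word/media/image1.eps": b"%!PS-Adobe-3.0 EPSF-3.0\n",
    })
    for part_name, reason in find_eps_parts(sample):
        print(f"{part_name}: {reason}")
```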
 
