US Cyber Command has issued an alert via Twitter today about threat actors abusing an Outlook vulnerability to plant malware on government networks.
The vulnerability is CVE-2017-11774, a security bug in Outlook that Microsoft patched in the October 2017 Patch Tuesday.
The Outlook bug, discovered and detailed by security researchers from SensePost, allows a threat actor to escape from the Outlook sandbox and run malicious code on the underlying operating system.
US Cyber Command's Twitter account doesn't issue alerts about financially motivated hacker crews targeting the US; it is focused on nation-state adversaries only.
US Cyber Command's Twitter alert is also not novel. The agency started publishing malware samples on VirusTotal and issuing Twitter alerts last fall, deeming it a faster way of spreading security alerts about ongoing cyber-attacks and putting the US private sector on notice.
Besides tweeting the alert, US Cyber Command's Twitter account also shared a link to five recent malware samples that were involved in the attacks.