Follina Exploited by State-Sponsored Hackers

A government-aligned attacker tried using a Microsoft vulnerability to attack U.S. and E.U. government targets.

Researchers have added state-sponsored hackers to the list of adversaries attempting to exploit Microsoft’s now-patched Follina vulnerability. According to researchers at Proofpoint, state-sponsored hackers have attempted to abuse the Follina vulnerability in Microsoft Office, aiming an email-based exploit at U.S. and E.U. government targets via phishing campaigns.

Proofpoint researchers spotted the attacks and believe the adversaries have ties to a government, which it did not identify. Attacks consist of campaigns targeting victims U.S. and E.U. government workers. Malicious emails contain fake recruitment pitches promising a 20 percent boost in salaries and entice recipients to download an accompanying attachment.

The text states, “You’ll be getting a [20%]sic increase in your salary.” The message prompts recipients to open an attached document “before this weekend” to learn more.

In a Twitter-based statement, Sherrod DeGrippo, vice president of threat research at Proofpoint, said about 10 Proofpoint customers had received over 1,000 such messages.

The malicious attachment targets the remote code execution bug CVE-2022-30190, dubbed Follina.

Discovered last month, the flaw exploits the Microsoft Windows Support Diagnostic Tool. As Microsoft explained in a blog post, the bug

Read More: https://threatpost.com/follina-exploited-by-state-sponsored-hackers/179890/