FireEye: Russians, Others Exploiting Zero-day Microsoft Office Vulnerabilities

FireEye has identified three new zero-day vulnerabilities in Microsoft Office products that have been exploited by Russian cyber espionage entities and a yet-to-be-identified group.

Russian threat actors Turla and APT28 are believed to have used the zero-day weaknesses in Encapsulated PostScript (EPS) against European diplomatic and military agencies, according to a new FireEye blog post. Those same vulnerabilities have been exploited by unknown attackers targeting the Middle Eastern offices of regional and global banks.

According to the post, FireEye is working with the Microsoft Security Response Center (MSRC) to disclose details of the recent threats. Meanwhile, Microsoft is advising customers to sign up for security updates and follow the suggestions in security advisory ADV170005 to protect against EPS filter vulnerabilities. Microsoft also addresses the recent attacks in this blog post.

The recent discoveries are the latest in a series of FireEye zero-day findings. You can learn more in the company’s 2015 report, “Zero-day Danger: A Survey of Zero-Day Attacks and What They Say About the Traditional Security Model,” detailing 18 zero-day vulnerabilities since late 2012. In the document, FireEye explains the magnitude of zero-day threats, describes the specific vulnerabilities and lists tips to help reduce risk.

Don’t miss another threat – stay on top of emerging phishing and malware threats and attacks, all delivered straight to your inbox completely free. Subscribe to PhishMe® Threat Alerts today.

Aaron Higbee Chats Google Doc Scam and other Phishing Trends on the Charles Tendell Show
Bogus Claim: Google Doc Phishing Worm Student Project

Leave a Reply