Hackers hit Russian ministry, rocket center using MSHTML vulnerability

A Microsoft Office zero-day, also dubbed the MSHTML attack, was exploited to target Russian government entities, including the Interior Ministry and the State Rocket Center.

The Malwarebytes Intelligence team reports that the MSHTML vulnerability classified as CVE-2021-40444 has become the focus of threat actors targeting Russian government entities.

Malwarebytes researchers intercepted phishing email attachments revealing that attackers were trying to target Russian organizations.

The CVE-2021-40444 vulnerability involves ActiveX. It is an old flaw that was discovered only recently, and threat actors soon started sharing PoCs, tutorials, and exploits for it on hacking forums, giving interested individuals step-by-step instructions for launching their own attacks.

Microsoft responded promptly by publishing mitigation guidelines, disabling the installation of new ActiveX controls, and releasing a patch in its latest Patch Tuesday release. However, patching takes comparatively longer than the time it takes people to exploit the flaw.

Email Template Explanation

The first template Malwarebytes