The US Cyber Command has issued a warning on Twitter about hackers exploiting a vulnerability in Outlook. The warning, issued by the Cyber Command earlier today, concerns a vulnerability identified back in 2017.
The vulnerability, CVE-2017-11774, was identified in 2017 by SensePost researchers and was patched by Microsoft in October 2017. However, an Iranian state-sponsored hacking group known as APT33 managed to weaponize the vulnerability in 2018. In case you don’t remember, the vulnerability allowed malicious code or malware to escape the Outlook sandbox and infect the operating system. Back in December 2018, APT33 installed backdoors on web servers to exploit the vulnerability.
USCYBERCOM has discovered active malicious use of CVE-2017-11774 and recommends immediate #patching. Malware is currently delivered from: 'hxxps://customermgmt.net/page/macrocosm' #cybersecurity #infosec
— USCYBERCOM Malware Alert (@CNMF_VirusAlert) July 2, 2019
ZDNet reports that Chronicle Security researcher Brandon Levene discovered that the malware samples uploaded by the US Cyber Command match Shamoon activity that took place in January 2017. Symantec has also published a warning urging the public to be careful about the increased APT33 activity.