"Attackers Exploit 6-Year-Old Microsoft Office Bug to Spread Spyware"

In an email campaign characterized by sophisticated evasion tactics, attackers are exploiting a 6-year-old Microsoft Office Remote Code Execution (RCE) flaw to deliver spyware. According to Zscaler, the threat actors use business-related lures in spam emails that deliver files containing the RCE flaw. The attackers' ultimate goal is to load Agent Tesla, a Remote Access Trojan (RAT) and advanced keylogger discovered in 2014. They want to exfiltrate credentials and other data from an infected system through their Telegram bot. The RCE bug is a memory corruption flaw found in the Equation Editor of Microsoft Office. Successful exploitation of the flaw allows attackers to run arbitrary code in the context of the current user and take over the system if a user with administrator privileges is logged in. This article continues to discuss the exploitation of an old RCE flaw to deliver spyware.

Dark Reading reports "Attackers Exploit 6-Year-Old Microsoft Office Bug to Spread Spyware"

Submitted by grigby1

Submitted by Gregory Rigby on