"Spear-Phishers Hijack In-Progress Conversation in Highly-Targeted Attack"

Security researchers at Palo Alto have discovered a spear-phishing campaign in which a bank based in the Middle East, an international sporting organization, certain individuals with ties to a Northeast Asian country, as well as Europe-based trademark and intellectual property device companies were targeted. The spear-phishing campaign named “Freemilk” has been discovered by researchers to have launched its attack through the exploitation of the “CVE-2017-0199 Microsoft Word Office/WordPad Remote Code Execution Vulnerability”. According to researchers, the perpetrators behind this attack also interrupted a conversation and masqueraded as legitimate senders in order to transmit these spear-phishing emails to their targets. This article further discusses the process of this spear-phishing attack, other discoveries made in the examination of this attack by researchers, and ways in which companies could protect themselves from such attacks. 

SC UK reports "Spear-Phishers Hijack In-Progress Conversation in Highly-Targeted Attack"