Iranian hackers exploiting Outlook vulnerability, US military warns

4 Jul 2019


The US military has issued a warning urging people to patch Outlook, alleging that state-sponsored Iranian hackers are exploiting a 2017 vulnerability.

US Cyber Command has issued an alert recommending that Outlook users patch their systems immediately, alleging that threat actors are leveraging a 2017 vulnerability to plant malware on government networks.

The vulnerability, tracked as CVE-2017-11774, is a security bug that was discovered and documented by security researchers from SensePost. It allows attackers to escape the Outlook ‘sandbox’ and run malware on the underlying operating system. Though the bug was promptly patched, users are often slow to apply vital security updates and hence may still be vulnerable.

The hacking has been linked to a group researchers call Advanced Persistent Threat 33 (APT33), a cohort of hackers that, according to FireEye, is working “at the behest of the Iranian government”.

Tensions between Washington and Tehran have continued to escalate in the past few months both online and offline. In June the director of the US Cybersecurity and Infrastructure Security Agency, Christopher Krebs, issued a statement claiming that there had been a “rise in malicious cyber activity” directed at US industries by Iranian actors and proxies.

The US famously launched cyberattacks the same day US president Donald Trump called off a strike on Iranian targets. The attacks were levelled against an Iranian intelligence group that the US government believes helped plan attacks against oil tankers. They were instigated, the US said, in response to Iran shooting down a US drone.

International warfare has been increasingly brought to the digital realm, such as in this case, though some would argue that Iran’s cyberwarfare capabilities pale in comparison to larger countries such as Russia and China.

Russia warned of the impending possibility of “cyberwar” amid alleged attacks from the US. The Kremlin made the statement after reports that the US had ramped up its digital incursions as a warning to president Vladimir Putin. Some sources believe these actions were taken without Trump’s knowledge.

Just last week, more details emerged about Operation Cloud Hopper, a hacking operation that targeted eight major tech firms by infiltrating these companies’ cloud providers. The attack has been linked to the Chinese Ministry of State Security, and two Chinese men were indicted in December 2018.

“China’s goal, simply put, is to replace the US as the world’s leading superpower, and they’re using illegal methods to get there. They’re using an expanding set of non-traditional and illegal methods,” said FBI director Christopher Wray at the time.

Eva Short was a journalist at Silicon Republic