Microsoft has issued a warning about an active phishing campaign that lures users into opening Microsoft Word attachments sent via email. Microsoft first identified the campaign in June 2023.
The attackers, a Russian cybercriminal group known as Storm-0978, are exploiting a zero-day vulnerability of CVE-2023-36884 by sending victims phishing emails that contain infected Microsoft Word files that deploy a backdoor, similar to RomCom Remote Access Trojan (RAT) malware. The malicious software is triggered upon downloading the files, allowing threat actors access to victims’ systems.
According to Microsoft, Windows Defender for Office 365 users and those using Microsoft 365 Apps (Versions 2302 or later) are protected from this attack. However, Adlumin advises that organizations contact your MDR team to assist them with the mitigation steps Microsoft recommends.
This remote code execution attack is among several others that hackers are currently exploiting in the wild since yesterday, including:
continue reading »