CVE-2021-40444 exploitation: Researchers find connections to previous attacks

This article has been indexed from Help Net Security

The recent targeted attacks exploiting the (at the time) zero-day remote code execution vulnerability (CVE-2021-40444) in Windows via booby-trapped Office documents have been delivering custom Cobalt Strike payloads, Microsoft and Microsoft-owned RiskIQ have shared. The researchers also found connections between the attackers’ exploit delivery infrastructure and infrastructure previously used by attackers to deliver human-operated ransomware, the Trickbot trojan and the BazaLoader backdoor/downloader.

The attacks and their possible goals

Judging by the email lures used …
