MSHTML Attack Targets Russian State Rocket Centre and Interior Ministry

This article has been indexed from E Hacking News – Latest Hacker News and IT Security News

 

An MSHTML vulnerability tracked as CVE-2021-40444 is being used to target Russian entities, according to Malwarebytes.
Malwarebytes Intelligence has detected email attachments aimed specifically at Russian enterprises. The first template they discovered is designed to resemble an internal communication within JSC GREC Makeyev.
The Joint Stock Company State Rocket Center named after Academician V.P. Makeyev is a strategic asset of the country’s defence and industrial complex for both the rocket and space industries. It is also the primary manufacturer of liquid and solid-fuel strategic missile systems with ballistic missiles, making it one of Russia’s largest research and development centres for developing rocket and space technology. 
The email purports to be from the organization’s Human Resources (HR) department. It states that HR is conducting a check of the personal information provided by workers. Employees are asked to fill out a form and send it to HR, or to respond to the email.
To fill out the form, the recipient must enable editing, and that action is sufficient to trigger the exploit. When the target opens a malicious Office document, MSHTML loads a specially crafted ActiveX control. The loaded ActiveX control can then execute arbitrary code to infect the machine with further malware.
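
A triage check for the delivery mechanism described above, as an added example that is not part of the original article or of Malwarebytes' report: it lists relationships inside an Office Open XML file that point at external OLE objects or `mhtml:` targets. The heuristic is an assumption drawn from public reporting on CVE-2021-40444 rather than from this article, and the sample document and `example.invalid` URL are constructed.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

REL_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"
OLE_TYPE = ("http://schemas.openxmlformats.org/officeDocument/2006/"
            "relationships/oleObject")
MAX_PART = 1_000_000  # skip oversized parts instead of inflating them


def find_remote_object_refs(docx_bytes):
    """Return (part, rel_id, target) for relationships that pull in remote
    OLE objects or mhtml: content; ordinary hyperlinks are ignored."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for info in zf.infolist():
            if not info.filename.endswith(".rels") or info.file_size > MAX_PART:
                continue
            # Stock parser for brevity; use a hardened XML parser on untrusted mail.
            root = ET.fromstring(zf.read(info))
            for rel in root.iter(REL_NS + "Relationship"):
                if rel.get("TargetMode") != "External":
                    continue
                target = rel.get("Target", "")
                if rel.get("Type") == OLE_TYPE or target.lower().startswith("mhtml:"):
                    hits.append((info.filename, rel.get("Id"), target))
    return hits


def build_sample(rel_type, target):
    """Constructed, minimal package holding one external relationship."""
    rels = ('<?xml version="1.0" encoding="UTF-8"?>'
            '<Relationships xmlns="http://schemas.openxmlformats.org/'
            'package/2006/relationships">'
            f'<Relationship Id="rId1" Type="{rel_type}" Target="{target}" '
            'TargetMode="External"/></Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/_rels/document.xml.rels", rels)
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample(OLE_TYPE, "mhtml:http://example.invalid/form.html")
    for part, rel_id, target in find_remote_object_refs(sample):
        print(f"{part}: {rel_id} -> {target}")
```

A hit means the attachment references content outside the file and deserves analysis in an isolated environment before anyone enables editing; an empty result does not prove the file is clean.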
The second file Malwarebytes discovered appears to be from Moscow’s Ministry of the Interior. The attachment may be used to aim at a variety of interesting targets. The documents’ title translates to

[…]