China-Backed Hackers Exploit Microsoft Office Vulnerability

According to a threat analysis study, China-backed hackers are exploiting a newly found zero-day vulnerability in Microsoft Office. Security researchers have dubbed the flaw “Follina,” because it allows attackers to run malicious code on Windows devices using Microsoft Word documents. Shortly after the security flaw was discovered last week, Microsoft acknowledged its existence. It hasn’t been corrected yet, though. The Redmond company did not say when a patch for the critical flaw will be released.

According to Proofpoint’s threat analysis, a hacking group known as TA413, which is thought to be linked to the Chinese government, was exploiting the zero-day vulnerability by sending malicious Word documents that appeared to come from the Central Tibetan Administration, the Tibetan Government-in-Exile based in Dharamshala, India. This week, the security firm announced its findings on Twitter.

In 2020, the hacking group TA413 was discovered to be targeting Tibetans all over the world as an advanced persistent threat (APT). It conducts campaigns under the guise of Tibetan exile women’s organizations.

The gang is also known as “LuckyCat” and “Earth Berberoka,” according to Proofpoint.

Last Monday, the Tokyo-based cybersecurity research firm Nao sec brought the latest Microsoft vulnerability, CVE-2022-30190, to light. It was, however, reported to the software behemoth in April. However, according to a security researcher, the corporation at the time declined to consider it a security risk.

Earlier this week, Microsoft finally admitted to the vulnerability’s existence.

“An attacker who successfully exploits this flaw can execute arbitrary code with the calling application’s privileges. In the context allowed by the user’s privileges, the attacker can then install applications, read, alter, or remove data, and create new accounts “In a blog post detailing the scope of the problem, the firm issued a warning.

By using the Microsoft Support Diagnostic Tool to exploit the Follina vulnerability, attackers can run PowerShell commands (MSDT). It can be exploited through the use of a Microsoft Word document, as the hackers appear to be doing in this case.

The issue affects a number of Microsoft products, including Office 2013, Office 2021, and various versions of Office 365. According to the experts who looked into the vulnerability, attackers might target users on both Windows 10 and Windows 11 systems.