Ukraine Targeted in Cyberattack Exploiting 7-Year-Old Microsoft Office Flaw
Apr 27, 2024
Cyber Attack / Malware
Cybersecurity researchers have discovered a targeted operation against Ukraine that has been found leveraging a nearly seven-year-old flaw in Microsoft Office to deliver Cobalt Strike on compromised systems. The attack chain, which took place at the end of 2023 according to Deep Instinct, employs a PowerPoint slideshow file ("signal-2023-12-20-160512.ppsx") as the starting point, with the filename implying that it may have been shared via the Signal instant messaging app. That having said, there is no actual evidence to indicate that the PPSX file was distributed in this manner, even though the Computer Emergency Response Team of Ukraine (CERT-UA) has uncovered two different campaigns that have used the messaging app as a malware delivery vector in the past. Just last week, the agency disclosed that Ukrainian armed forces are being increasingly targeted by the UAC-0184 group via messaging and dating platforms to serve malware like HijackLoader (aka GHOSTPULSE