Author Topic: U.S. Military Warns Outlook Users To Update Immediately Over Hack Linked To Iran

javajolt
Less than two weeks ago, U.S. Cyber Command launched an offensive on Iran to disable computer systems used by the country's Revolutionary Guard Corps to control rocket and missile launches. Now, the agency has issued an unprecedented public warning that it has discovered the "active malicious use" of a Microsoft Outlook vulnerability that appears to be linked to Iran.

When the U.S. opted for an offensive cyber strike instead of a more conventional missile strike in retaliation for the downing of a U.S. drone, it was painted as a backtrack but, as I reported at the time, it was actually a game changer. If the U.S. has used offensive cyber to compromise Iran's core command and control systems, it completely changes the battlefield dynamic. It was also notable that the U.S. decided to put the cyber strike into the public domain.

Iran does not play in the same league as Russia or China when it comes to cyber capabilities. The country's ability to retaliate against the U.S. government is limited. But, for Iran, there are many easier targets. And one of the fears expressed by analysts after the military cyber strike was that Iran might elect to increase its cyber activity in the broader non-governmental sector.

And so to this warning: Cyber Command tweeted that it has discovered the "use of CVE-2017-11774 and recommends immediate patching," adding a disabled (non-clickable) link to the suspected delivery URL.


[Embedded tweet from US Cyber Command]

The vulnerability was first discovered by SensePost and patched by Microsoft in October 2017, so an Outlook install that has taken that update is not exposed to the exploit as published. But we all know, and countless press articles have run this year alone, that many systems remain unpatched and vulnerable, opening up entire networks to potential bad actors. The bug is a security-feature bypass in Outlook's folder Home Page feature: a folder's Home Page is an arbitrary URL rendered inside Outlook, and a crafted page can break out of Outlook's sandbox and run code on the underlying operating system.

And, the point at issue here is that this vulnerability has been linked to Iran before. As reported by ZDNet, the bug was first exposed in 2017, "but by 2018, it had been weaponized by an Iranian state-sponsored hacking group known as APT33 (or Elfin), primarily known for developing the Shamoon disk-wiping malware."

FireEye reported back then that "APT33 may be behind a series of intrusions and attempted intrusions—identifying publicly accessible Outlook Web Access (OWA) or Office 365 that is not protected with multi-factor authentication. The adversary leverages the stolen credentials and a tool like RULER to deliver exploits through Exchange’s legitimate features."
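A practitioner reading the two paragraphs above will want a way to check their own workstations. What follows is an added example written for this page, not code from the article, Cyber Command, SensePost, FireEye or the Ruler project: a PowerShell audit of the per-user registry settings that govern Outlook folder Home Pages, the feature CVE-2017-11774 abuses and the one Microsoft's fix switched off. The registry paths are the ones Microsoft documents for the Home Page feature (`...\Outlook\Security\EnableRoamingFolderHomepages` and `...\Outlook\WebView\<folder>\URL`); the list of Office version numbers, the severity rules and the Click-to-Run build lookup are assumptions made for this example and should be checked against your own builds.

```powershell
# Added example for this page (not the article's, SensePost's or FireEye's code).
# Audits the current user's Outlook registry settings related to folder Home
# Pages, the feature abused by CVE-2017-11774. Assumptions: the Office version
# list below; any http(s)/UNC Home Page URL is rated High. Run in the context of
# the user whose Outlook profile is being reviewed (these keys are under HKCU).

$officeVersions = @('14.0', '15.0', '16.0')   # Outlook 2010, 2013, 2016/2019/365 (assumed list)
$findings = New-Object System.Collections.Generic.List[object]

function Add-Finding {
    param([string]$Severity, [string]$Path, [string]$Detail)
    $findings.Add([pscustomobject]@{ Severity = $Severity; Path = $Path; Detail = $Detail })
}

# Context: which Outlook build is installed? Get-HotFix does not list Office
# updates. Click-to-Run installs report their build here; MSI installs do not,
# so an empty result only means "check the installed-programs list instead".
$c2r = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Office\ClickToRun\Configuration' -ErrorAction SilentlyContinue
if ($c2r -and $c2r.VersionToReport) {
    Write-Output "Office Click-to-Run build: $($c2r.VersionToReport)"
}

foreach ($v in $officeVersions) {
    # 1. Microsoft's fix disabled roaming (mailbox-stored) folder Home Pages.
    #    A value of 1 here switches them back on, which is exactly what an
    #    attacker who already has a foothold on the host wants.
    $securityKeys = @(
        "HKCU:\Software\Microsoft\Office\$v\Outlook\Security",
        "HKCU:\Software\Policies\Microsoft\Office\$v\Outlook\Security"
    )
    foreach ($key in $securityKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if ($props -and $props.PSObject.Properties['EnableRoamingFolderHomepages'] -and
            [int]$props.EnableRoamingFolderHomepages -eq 1) {
            Add-Finding 'High' $key 'EnableRoamingFolderHomepages = 1 (folder Home Pages re-enabled after the patch)'
        }
    }

    # 2. Locally configured Home Page URLs live under WebView\<folder>\URL.
    #    These are normally absent on a default install; any value deserves review.
    $webView = "HKCU:\Software\Microsoft\Office\$v\Outlook\WebView"
    if (Test-Path $webView) {
        foreach ($folderKey in Get-ChildItem -Path $webView) {
            $props = Get-ItemProperty -Path $folderKey.PSPath -ErrorAction SilentlyContinue
            $url = if ($props) { [string]$props.URL } else { '' }
            if ([string]::IsNullOrWhiteSpace($url)) { continue }
            # Remote content (http/https/UNC) is the delivery pattern; -match is
            # case-insensitive by default, and '\\\\' is a literal UNC prefix.
            $severity = if ($url -match '^(https?://|\\\\)') { 'High' } else { 'Medium' }
            Add-Finding $severity $folderKey.PSPath "Folder '$($folderKey.PSChildName)' Home Page URL: $url"
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No folder Home Page settings found in HKCU for the listed Office versions.'
} else {
    $findings | Sort-Object Severity | Format-Table -AutoSize -Wrap
}
```

Two caveats on reading the output. First, a Home Page that Ruler writes into the mailbox (the roaming form FireEye describes) is stored as a property on the folder in Exchange, not in this registry, so an empty result is not an all-clear for that delivery path; what the check does tell you is whether the patch's protection has been switched back off on the host. Second, the mitigation FireEye's description points at is upstream of the exploit: OWA or Office 365 reachable from the Internet without multi-factor authentication is what lets a stolen password become a mailbox-level change in the first place.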

Last month, the Cybersecurity and Infrastructure Security Agency (CISA) within the DHS issued a blanket warning about a "recent rise in malicious cyber activity directed at United States industries and government agencies by Iranian regime actors and proxies... using destructive ‘wiper’ attacks, looking to do much more than just steal data and money."

CISA warned that "these efforts are often enabled through common tactics like spear phishing, password spraying, and credential stuffing. What might start as an account compromise, where you think you might just lose data, can quickly become a situation where you’ve lost your whole network."

Also last month, the National Security Agency confirmed to AP that "there have been serious issues with malicious Iranian cyber actions in the past. In these times of heightened tensions, it is appropriate for everyone to be alert to signs of Iranian aggression in cyberspace and ensure appropriate defenses are in place."

It is becoming a serious threat. Iran has identified cyber as a sphere where it can generate serious traction against its various enemies around the world. And this means it's not just the U.S. under attack. The U.K. acknowledged an Iranian cyber attack late last year that compromised high-profile government and commercial systems.

This, though, is still an unprecedented warning for U.S. Cyber Command where Iran is concerned—but it is undoubtedly a sign of things to come.

source