FINSPY Malware: a tool for both hackers and government institutions

Microsoft Office was recently discovered to contain a security gap that could be exploited by hackers. Dridex malware, which is hungry for users' confidential information, was one of the threats able to slither in through this unprotected hole. It is mostly after sensitive details such as bank account information, passwords and other material that could lead to users' financial losses. The good news is that Microsoft has already produced an appropriate patch to fix these issues before the situation got out of hand. At first, it was presumed that this vulnerability in Microsoft Word was mostly exploited by hackers, but now, as more light is shed on the subject, it turns out that governments were also distributing spyware thanks to this flaw.

Russia – the main target

Governments appear to have given orders to professional hackers to use the vulnerability in Microsoft Office for their benefit. FinSpy spyware was the tool expected to be successfully inserted into targeted devices. Russian officials or authorities appear to have been the main targets. Hackers waved files that mentioned the Russian Ministry of Defense in front of Russians and anticipated that they would obediently swallow the bait. The malicious .doc file, crafted to exploit the vulnerability in Microsoft Word, was allegedly published from Eastern Ukraine, an area controlled by anti-Kyiv rebels. The .doc file presumably downloaded the payload for the FinSpy spyware tool.

Unidentified hackers are known to have lured potential victims with urgent-sounding titles, suggesting that they had to read the document. The same tactic was used while attempting to spread Latentbot through the security gap in Microsoft Office. This specific malware sample could be seeking users' personal information in order to commit identity theft. Another fearsome deed that Latentbot can perform is the removal of the entire contents of hard drives. It is also possible that Latentbot can provide remote access to hackers. This means that shady programmers will gain control over infected devices and will be able to issue various types of commands.

However, not many explicit details about the attack can be provided, as the hackers managed to conceal how their actions took place and which information was targeted. Furthermore, it is impossible to determine exactly who was targeted, but knowing the nature of the malicious document, we would presume that ordinary Russians were not the primary targets.

You should already be aware that every action you take can have repercussions. Even if you assume that opening a random .doc file is not a significant thing to do, we disagree. This article is the proof: simply by opening a malicious executable, users might become infected with a whole bunch of Trojans and spyware.

Source: fireeye.com
