
Less than two weeks ago, U.S. Cyber Command launched an offensive on Iran to disable computer systems used by the country's Revolutionary Guard Corps to control rocket and missile launches. Now the agency has issued an unprecedented public warning that it has discovered the "active malicious use" of a Microsoft Outlook vulnerability that appears to be linked to Iran.

When the U.S. opted for an offensive cyber strike instead of a more conventional missile strike in retaliation for the downing of a U.S. drone, it was painted as a backtrack. But, as I reported at the time, it was actually a game changer: if the U.S. has used offensive cyber to compromise Iran's core command and control systems, it completely changes the battlefield dynamic. It was also notable that the U.S. decided to put the cyber strike into the public domain.

Iran does not play in the same league as Russia or China when it comes to cyber capabilities, and its ability to retaliate against the U.S. government is limited. But for Iran there are many easier targets, and one of the fears expressed by analysts after the military cyber strike was that Iran might elect to increase its cyber activity in the broader non-governmental sector.

Hence this warning. Cyber Command tweeted that it has discovered the "use of CVE-2017-11774 and recommends immediate patching," adding a disabled link to the suspected delivery URL. The vulnerability was first discovered by SensePost and patched in 2017, so if an Outlook install has been patched, the original attack path is closed, provided nobody has re-enabled the Outlook folder Home Page feature that the patch removes. But we all know, and countless press articles have run this year alone, that many systems remain unpatched and vulnerable, opening up entire networks to potential bad actors. The bug essentially lets a web page set as an Outlook folder "home page" run script that escapes Outlook's sandbox into the underlying operating system. And the point at issue here is that this vulnerability has been linked to Iran before.
As reported by ZDNet, the bug was first exposed in 2017, "but by 2018, it had been weaponized by an Iranian state-sponsored hacking group known as APT33 (or Elfin), primarily known for developing the Shamoon disk-wiping malware." For more turn to OUR FORUM.
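The check a defender would want at this point, added here as an example and not code from the article, Cyber Command or Microsoft: enumerate the Outlook folder Home Page settings and the post-patch override switch on a Windows host. It assumes the documented registry locations under `HKCU\Software\Microsoft\Office\<version>\Outlook` (the per-folder `WebView\<Folder>\URL` value and the `Security\EnableRoamingFolderHomepages` DWORD that re-enables the removed feature); a home page stored in the mailbox itself (the roaming property that Ruler sets via MAPI) lives on the Exchange side and is not visible to this registry check.

```powershell
# Added example: audit Outlook folder Home Page settings for CVE-2017-11774 abuse.
# Assumptions (not from the article): registry paths as documented for Office 2010-2019/365.
# Run in the context of the user whose Outlook profile you are inspecting.

function Get-OutlookHomePageSettings {
    [CmdletBinding()]
    param(
        # Office major versions to inspect: 16.0 = 2016/2019/365, 15.0 = 2013, 14.0 = 2010
        [string[]]$OfficeVersions = @('16.0', '15.0', '14.0')
    )

    foreach ($ver in $OfficeVersions) {
        $outlookKey = "HKCU:\Software\Microsoft\Office\$ver\Outlook"
        if (-not (Test-Path $outlookKey)) { continue }

        # 1. The override that brings the Home Page feature back after the 2017 patch.
        #    A patched, untouched install has this value absent or 0.
        $security = Get-ItemProperty -Path "$outlookKey\Security" -ErrorAction SilentlyContinue
        $override = $null
        if ($security) { $override = $security.EnableRoamingFolderHomepages }
        [pscustomobject]@{
            OfficeVersion = $ver
            Folder        = '(Security policy)'
            Setting       = 'EnableRoamingFolderHomepages'
            Value         = $override
            Suspicious    = ($override -eq 1)
        }

        # 2. Per-folder WebView keys: a populated URL means a Home Page is configured locally.
        $webView = "$outlookKey\WebView"
        if (Test-Path $webView) {
            Get-ChildItem -Path $webView | ForEach-Object {
                $props = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
                $url = $null
                if ($props) { $url = $props.URL }
                [pscustomobject]@{
                    OfficeVersion = $ver
                    Folder        = $_.PSChildName
                    Setting       = 'URL'
                    Value         = $url
                    # Any non-empty URL deserves review; an http(s) URL pointing at a host
                    # you do not control is the shape of the attack described above.
                    Suspicious    = (-not [string]::IsNullOrWhiteSpace($url))
                }
            }
        }
    }
}

# Usage: show only the findings worth a second look.
Get-OutlookHomePageSettings | Where-Object { $_.Suspicious } | Format-Table -AutoSize
```

Treat a hit on `EnableRoamingFolderHomepages = 1` as a policy question first (some organisations set it deliberately for legacy folder pages) and a `URL` value pointing outside your own infrastructure as an incident until shown otherwise; either way, clearing the setting is not a substitute for finding how it was written, since the attacker needed the user's mailbox credentials or a foothold on the host to set it.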
