Security researchers have spotted hackers exploiting Microsoft Office vulnerabilities CVE-2017-8759 and CVE-2017-11882 to spread Zyklon HTTP malware.
According to FireEye, Zyklon has been observed in the wild since early 2016. FireEye warns that Zyklon provides a myriad of sophisticated capabilities, describing it as a “full-featured backdoor capable of keylogging, password harvesting, downloading and executing additional plugins, conducting distributed denial-of-service (DDoS) attacks, and self-updating and self-removal.”
The recent wave of attacks uses spam email with ZIP attachments (containing malicious documents) to target the telecommunications, insurance and financial services industries.
Update (January 20, 2020): A recent article lists both of these vulnerabilities among the “Top 20 vulnerabilities to patch now” that are most under attack.