Zyklon malware campaign

Security researchers have spotted hackers exploiting newer Microsoft Office vulnerabilities to spread Zyklon HTTP malware.

According to FireEye, Zyklon has been observed in the wild since early 2016 and offers a wide range of capabilities; the report describes it as a “full-featured backdoor capable of keylogging, password harvesting, downloading and executing additional plugins, conducting distributed denial-of-service (DDoS) attacks, and self-updating and self-removal.”

The recent wave of attacks is using spam email with ZIP attachments (containing malicious Office documents) to target the telecommunications, insurance and financial services industries.

Two of the Office vulnerabilities being exploited are CVE-2017-8759 (first discovered as a zero-day in September 2017) and CVE-2017-11882 (exploited by the APT34 group in December).
