China Hackers Exploiting New Microsoft Office Bug

A Chinese government-backed hacking group, previously known for targeting the Tibetan government-in-exile, is now actively exploiting a newly discovered vulnerability in Microsoft Office to steal and delete user data. The cyber-attack, leveraging the ‘Follina’ exploit, has raised serious security concerns worldwide.

Follina Exploit
What is the ‘Follina’ Microsoft Office Bug?

According to cybersecurity firm Proofpoint, an advanced persistent threat (APT) group known as TA413, allegedly linked to the Chinese government, is exploiting the CVE-2022-30190 vulnerability, commonly referred to as ‘Follina.’ This flaw exists in the Microsoft Support Diagnostic Tool (MSDT) within Windows, allowing attackers to execute arbitrary code on targeted devices.

"TA413 CN APT spotted ITW exploiting the #Follina #0Day using URLs to deliver Zip Archives which contain Word Documents that use the technique. Campaigns impersonate the 'Women Empowerment Desk' of the Central Tibetan Administration," Proofpoint tweeted.

How Does the Follina Exploit Work?

  • Attackers embed malicious code within Microsoft Word documents.

  • These documents, when opened, trigger the Microsoft Support Diagnostic Tool (MSDT).

  • The exploit allows the hacker to execute commands remotely, leading to unauthorized data access, modification, or deletion.

  • The malicious campaign specifically impersonates the Women Empowerment Desk of the Central Tibetan Administration, targeting Tibet-related entities.
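On the endpoint, the chain described above shows up as an Office application (most often WINWORD.EXE) spawning msdt.exe, which is the signal defenders look for. The following PowerShell is an added example, not code from the article, Proofpoint or Microsoft; it runs a simple detection over constructed process-creation records whose field names (ParentImage, Image, CommandLine) follow Sysmon Event ID 1, an assumption about your telemetry source:

```powershell
# Added example (not from the article): flag process-creation records in which an
# Office application launches the Microsoft Support Diagnostic Tool (msdt.exe),
# the parent/child pairing the Follina technique produces on an endpoint.
# Field names assume Sysmon Event ID 1 style records; adapt them for 4688 events.

$OfficeParents = @('winword.exe', 'excel.exe', 'powerpnt.exe', 'outlook.exe')

function Test-FollinaProcessChain {
    param(
        [Parameter(Mandatory)] [string] $ParentImage,
        [Parameter(Mandatory)] [string] $Image,
        [string] $CommandLine = ''
    )
    $parentName = [System.IO.Path]::GetFileName($ParentImage).ToLowerInvariant()
    $childName  = [System.IO.Path]::GetFileName($Image).ToLowerInvariant()

    # Primary signal: an Office process is the direct parent of msdt.exe.
    $suspiciousChain = ($OfficeParents -contains $parentName) -and ($childName -eq 'msdt.exe')

    # Secondary signal: msdt.exe invoked through the ms-msdt: protocol handler or the
    # PCWDiagnostic troubleshooting pack, regardless of which parent started it.
    $suspiciousArgs = ($CommandLine -match 'ms-msdt:') -or ($CommandLine -match 'PCWDiagnostic')

    return ($suspiciousChain -or (($childName -eq 'msdt.exe') -and $suspiciousArgs))
}

function Find-FollinaEvents {
    param([Parameter(Mandatory)] [object[]] $Events)
    $Events | Where-Object {
        Test-FollinaProcessChain -ParentImage $_.ParentImage -Image $_.Image -CommandLine $_.CommandLine
    }
}

# Constructed sample records (not real telemetry): one benign Word launch of a
# child process, one legitimate msdt.exe launch from the Settings app, and one
# Word-to-msdt.exe chain that the detection should flag.
$SampleEvents = @(
    [pscustomobject]@{
        ParentImage = 'C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE'
        Image       = 'C:\Windows\System32\splwow64.exe'
        CommandLine = 'splwow64.exe 12288'
    },
    [pscustomobject]@{
        ParentImage = 'C:\Windows\System32\SystemSettings.exe'
        Image       = 'C:\Windows\System32\msdt.exe'
        CommandLine = 'msdt.exe /id NetworkDiagnosticsWeb'
    },
    [pscustomobject]@{
        ParentImage = 'C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE'
        Image       = 'C:\Windows\System32\msdt.exe'
        CommandLine = 'msdt.exe ms-msdt:/id PCWDiagnostic'
    }
)

# Expected: only the third record is reported.
Find-FollinaEvents -Events $SampleEvents | Format-Table ParentImage, Image, CommandLine -AutoSize
```

The second record shows why the parent check matters: msdt.exe is a legitimate Windows component and is routinely started by Settings or Control Panel troubleshooters, so alerting on msdt.exe alone produces noise. Pairing the Office parent with the ms-msdt: protocol string keeps the rule specific to this technique.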

Microsoft’s Response and Security Advisory

Microsoft has officially acknowledged the vulnerability but has yet to release an official security patch. The company provided mitigation guidelines to reduce the risk of exploitation:

  • Disable the MSDT URL protocol to prevent exploitation.

  • Ensure Microsoft Defender Antivirus is updated with cloud-delivered protection and automatic sample submission enabled.

  • Exercise caution while opening unsolicited email attachments or downloading files from untrusted sources.
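The first mitigation in Microsoft's guidance is to remove the ms-msdt: protocol handler from the registry after backing it up, so it can be restored once a fix ships. The script below is an added example written for this page, not Microsoft's own tooling; the registry path HKEY_CLASSES_ROOT\ms-msdt is the one named in Microsoft's workaround, while the backup file location is an assumption:

```powershell
# Added example (not from the article or from Microsoft): apply, verify and later
# reverse the MSDT URL-protocol workaround for CVE-2022-30190.
# Must run in an elevated PowerShell session.
#Requires -RunAsAdministrator

# Assumed backup location; choose a path that survives reboots and cleanup jobs.
$BackupPath = Join-Path $env:TEMP 'ms-msdt-backup.reg'
$MsdtKey    = 'HKEY_CLASSES_ROOT\ms-msdt'

function Test-MsdtProtocolRegistered {
    # Returns $true while the ms-msdt: handler is still registered on this host.
    return (Test-Path -LiteralPath "Registry::$MsdtKey")
}

function Disable-MsdtProtocol {
    if (-not (Test-MsdtProtocolRegistered)) {
        Write-Host 'ms-msdt protocol handler is already absent; nothing to do.'
        return
    }
    # Export the key first so the workaround can be undone after patching.
    & reg.exe export $MsdtKey $BackupPath /y | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw 'Registry backup failed; refusing to delete the key without a backup.'
    }
    & reg.exe delete $MsdtKey /f | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw 'Failed to delete the ms-msdt key.'
    }
}

function Restore-MsdtProtocol {
    # Re-registers the handler from the backup once the official fix is installed.
    if (-not (Test-Path -LiteralPath $BackupPath)) {
        throw "No backup found at $BackupPath; cannot restore."
    }
    & reg.exe import $BackupPath | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw 'Registry import failed.'
    }
}

Disable-MsdtProtocol
if (Test-MsdtProtocolRegistered) {
    Write-Warning 'ms-msdt handler is still registered; the workaround did not apply.'
} else {
    Write-Host "ms-msdt handler removed. Backup saved to $BackupPath"
}
```

Test-MsdtProtocolRegistered doubles as a compliance check: run it from a management tool across a fleet to confirm which hosts still have the handler in place. Keep the .reg backups, because Restore-MsdtProtocol is the only way to bring troubleshooter links back without re-creating the key by hand.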

“An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change, or delete data, or create new accounts,” Microsoft stated in an update.

US Cybersecurity Agencies Issue Warnings

The US Cybersecurity and Infrastructure Security Agency (CISA) has advised system administrators and IT security professionals to follow Microsoft’s mitigation measures to minimize potential risks.

Kevin Beaumont, a cybersecurity researcher, also highlighted the severity of the vulnerability in a blog post. Reports suggest that ‘Follina’ affects multiple versions of Microsoft Office, including:

  • Microsoft Office 2013, 2016, 2019, 2021

  • Office ProPlus

  • Office 365

China’s History of Cyber Attacks

China-backed hacking groups have a long track record of using software vulnerabilities to target Tibetans and other high-profile entities worldwide. Security experts believe these attacks are part of a broader cyber-espionage campaign aimed at gathering intelligence and disrupting organizations deemed adversarial to the Chinese government.

Notable Previous Attacks by Chinese Hackers:

  • 2021: Chinese hacking groups were accused of launching cyberattacks on Indian government websites during the Independence Day period.

  • 2020: The APT41 hacking group targeted multiple global companies, exploiting vulnerabilities in software systems.

  • 2019: The Tibet-related cyber espionage campaign used malicious emails to deliver malware to Tibetan activists.

Protecting Yourself Against ‘Follina’ and Similar Attacks

To safeguard against Follina and other similar cyber threats, users and organizations should adopt the following security measures:

Immediate Steps to Take:

  • Apply Microsoft’s suggested mitigations until an official patch is released.

  • Enable multi-factor authentication (MFA) to add an extra layer of security.

  • Keep all software and operating systems updated with the latest security patches.

  • Use endpoint security solutions like Microsoft Defender to detect and block threats.

  • Train employees on cybersecurity awareness to recognize phishing attempts and malicious email campaigns.

Conclusion

The exploitation of the Follina vulnerability by China-backed hackers highlights the growing cybersecurity threats targeting individuals, organizations, and government entities. As the world waits for an official Microsoft security patch, users must stay vigilant and implement preventive security measures to protect their data from unauthorized access and potential breaches.

Source : Achieve Siyasat