0-day IE attacks part of decade long hacks on Chinese gover…

The Chinese researchers who discovered attacks using Microsoft’s just-patched Windows Visual Basic Script (VBScript) flaw claim the attackers were non-Chinese state-sponsored hackers who have been targeting the Chinese government for the past decade.

Researchers at Qihoo 360 Core Security have released their English-language assessment of attacks they discovered in April that used a then-unknown flaw to compromise targets using an Internet Explorer exploit dubbed “Double Kill” that was delivered in an Office document.

Microsoft credited the Chinese research team and Kaspersky Lab analysts with finding a VBScript flaw — tracked as CVE-2018-8174 — patched in Microsoft’s May Patch Tuesday update.

Microsoft didn’t confirm it was the same issue revealed in April; however, the Qihoo 360 Core Security team says it definitely was the bug it reported, which aligns with Kaspersky Lab’s conclusions in its report on the flaw it was credited with finding.

Both reports clarified that the attacks were embedded in a Word document, and both cite the use of variations on an Office flaw (CVE-2017-0199). Microsoft patched this bug in April 2017 to block a then zero-day attack, which similarly used VBScript with PowerShell commands to deliver malware via a Word document with an embedded exploit.
