
Agent Tesla: the attack vector exploits Microsoft Office

Exploiting an outdated vulnerability to spread the well-known malware

The old Microsoft Office vulnerability, CVE-2017-11882, is being used to distribute the Agent Tesla malware. This software flaw threatens to compromise every version of Office released in the last 17 years, including Office 365. Criminals are actively using spam emails to trick users into opening malicious Excel documents. Despite the 2017 security patch, the vulnerability continues to be exploited.


Malicious actors are exploiting a years-old vulnerability in Microsoft Office, identified as CVE-2017-11882, to deliver the malware known as Agent Tesla. This software flaw, which has a CVSS score of 7.8, is at the center of phishing campaigns that aim to distribute this spyware, which is capable of intercepting keystrokes, data copied to the clipboard, screenshots and credentials on infected systems.

The origin of Agent Tesla and the dangers of the Office vulnerability

Agent Tesla was discovered by security analysis specialists in June 2018, but its spread dates back to 2014, and it was initially delivered via malicious Word documents with self-executing VBA macros. When users enable macros, the spyware is installed on their devices, allowing threat actors to carry out covert surveillance and data theft. CVE-2017-11882, which affects every version of Microsoft Office released in the last 17 years, including Office 365, poses a significant risk.

Sophisticated tactics and infected Excel documents in recent attacks

Recent phishing campaigns use spam emails containing keywords such as "orders" and "invoices" to trick recipients into opening malicious Excel documents and thereby spread the malware. Although a security patch was released in 2017, the vulnerability continues to be actively exploited, with a resurgence of attacks that take full advantage of it.

Zscaler's report warns organizations

Zscaler's report highlights the complex strategies used to deliver Agent Tesla to target systems, underscoring the importance for organizations of staying on guard and keeping informed about cyber threat developments to protect their digital infrastructure. Zscaler's ThreatLabz team not only stays alert to such threats but also shares its findings with the cybersecurity community, contributing to the fight against emerging cyber threats.


12/22/2023 11:38

Editorial AI
