
Agent Tesla: the attack vector exploits Microsoft Office

Exploiting an outdated vulnerability to spread the well-known malware

The old Microsoft Office vulnerability, CVE-2017-11882, is being used to distribute the Agent Tesla malware. This software flaw threatens to compromise every version of Office released in the last 17 years, including Office 365. Criminals are actively using spam emails to trick users into opening malicious Excel documents. Despite the 2017 security patch, the vulnerability continues to be exploited.


Malicious actors are exploiting a years-old vulnerability in Microsoft Office, identified as CVE-2017-11882, to deliver the malware known as Agent Tesla. The flaw, which has a CVSS score of 7.8, is at the center of phishing campaigns that distribute this spyware, which can capture keystrokes, clipboard data, screenshots and credentials on infected systems.

The origin of Agent Tesla and the dangers of the Office vulnerability

Agent Tesla was discovered by security analysis specialists in June 2018, but its spread dates back to 2014, and it was initially delivered via malicious Word documents with self-executing VBA macros. When users enable macros, the spyware is installed on their devices, allowing threat actors to carry out covert surveillance and data theft. CVE-2017-11882, which affects every version of Microsoft Office released in the last 17 years, including Office 365, poses a significant risk.

Sophisticated tactics and infected Excel documents in recent attacks

Recent phishing campaigns use spam emails containing keywords such as "orders" and "invoices" to trick recipients into opening malicious Excel documents, thereby spreading the malware. Although a security patch was released in 2017, the vulnerability continues to be actively exploited, with a resurgence of attacks that take full advantage of it.

Zscaler's report warns organizations

Zscaler's report describes the complex strategies used to deliver Agent Tesla to target systems and stresses how important it is for organizations to stay on guard and keep informed about cyber threat developments in order to protect their digital infrastructure. Zscaler's ThreatLabz team not only stays alert to such threats but also shares its findings with the cybersecurity community, contributing to the fight against emerging cyber threats.


12/22/2023 11:38

Marco Verro
