Agent Tesla: the attack vector exploits Microsoft Office
Exploiting an outdated vulnerability to spread the well-known malware
The old Microsoft Office vulnerability, CVE-2017-11882, is being used to distribute the Agent Tesla malware. This software flaw threatens to compromise every version of Office released in the last 17 years, including Office 365. Criminals are actively using spam emails to trick users into opening malicious Excel documents. Despite the 2017 security patch, the vulnerability continues to be exploited.
Malicious actors have turned to a years-old vulnerability in Microsoft Office, identified as CVE-2017-11882, to deliver the malware known as Agent Tesla. This software flaw, which has a CVSS score of 7.8, is at the center of phishing campaigns that aim to distribute this spyware, which can capture keystrokes, data copied to the clipboard, screenshots and credentials on infected systems.
The origin of Agent Tesla and the dangers of the Office vulnerability
Agent Tesla was discovered by security analysis specialists in June 2018, but its spread dates back to 2014, when it was initially delivered via malicious Word documents with self-executing VBA macros. When users enable the macros, the spyware is installed on their devices, allowing threat actors to carry out covert surveillance and data theft. The CVE-2017-11882 flaw, which affects every version of Microsoft Office released in the last 17 years, including Office 365, poses a significant risk.
Sophisticated tactics and infected Excel documents in recent attacks
Recent phishing campaigns use spam emails containing keywords such as "orders" and "invoices" to trick recipients into opening malicious Excel documents, thereby spreading the malware. Although a security patch was released in 2017, the vulnerability continues to be actively exploited, with a resurgence of attacks that take full advantage of it.
Zscaler's report warns organizations
Zscaler's report describes the complex strategies used to deliver Agent Tesla to target systems and stresses the importance for organizations of staying on guard and keeping informed about cyber threat developments to protect their digital infrastructure. Zscaler's ThreatLabz team not only stays alert to such threats but also shares its findings with the cybersecurity community, contributing to the fight against emerging cyber threats.
12/22/2023 11:38
Marco Verro