Chinese Hackers Exploit Microsoft Office Latest Zero-Day CVE-2022-30190
Industry: N/A | Level: Tactical | Source: BleepingComputer
Proofpoint has identified a Chinese state-linked threat group, TA413, actively exploiting Microsoft Office's latest zero-day, CVE-2022-30190. The observed attack targeted the international Tibetan community and was delivered in a compressed ZIP archive. As tweeted by Proofpoint, "TA413 CN APT spotted ITW exploiting the #Follina #0Day using URLs to deliver Zip Archives which contain Word Documents that use the technique. Campaigns impersonate the 'Women Empowerments Desk' of the Central Tibetan Administration and use the domain tibet-gov.web[.]app."
- CVE-2022-30190 / Follina: Attack Chain
Anvilogic Use Cases:
- Compressed File Execution
- CVE-2022-30190: Microsoft Office Code Execution Vulnerability