The recent surge in state-backed hacking campaigns isn’t dying down any time soon. US Cyber Command has reported that unnamed state actors are making “active malicious use” of a 2017-era Outlook vulnerability (long since patched) to escape the email client’s sandbox and run malware on a target system. While officials didn’t say who was involved, some clues have hinted at a possible connection to Iran.
ZDNet noted that a known Iran-backed hacking team, APT33, had used the same vulnerability in December to install back doors on servers and then push the exploit to Outlook users. Chronicle Security’s Brandon Levene also found that Cyber Command’s code samples appeared related to APT33’s disk-wiping Shamoon malware. Symantec had also warned of increased activity from the group in recent months.
If it’s Iran and not a more familiar perpetrator like Russia, it suggests that political tensions are translating directly to the digital realm. The US is believed to have knocked out Iranian missile and rocket systems with a cyberattack in late June, for instance. Although this Outlook campaign isn’t necessarily direct retaliation for the missile effort, it’s hard to imagine Iran doing nothing in response.