FireEye has published more details about the zero-day vulnerability in Word that Microsoft closed on Tuesday. According to the company, the vulnerability was used not only to spread the Dridex malware but also to attack Russian-speaking victims with the Finspy malware. Finspy, also known as FinFisher, is commercial spyware developed by the German-British Gamma Group. Its customers are said to include the Federal Government as well.

According to FireEye, attempts were made as early as January 25 to entice users into opening a specially prepared Word file, using an alleged decree of the Russian Defense Ministry as well as a guide of the “People’s Republic of Donetsk” as lures. The file in turn exploited the zero-day vulnerability with the identifier CVE-2017-0199, which became known in early April, to inject and execute Finspy.

In addition, the vulnerability was also used by cybercriminals before its disclosure. The Latentbot malware was distributed in early March. Its task is to collect login information. FireEye attributes a purely financial motivation to the hackers. “Latentbot is a modular and very well-camouflaged malware that was discovered for the first time by FireEye in December 2015,” the company said.

Latentbot not only steals sensitive data; the malware is also able to delete data or entire hard disks and to shut down security software. It also has a remote maintenance function. The malicious software lures users with file names including “Bewerbungsformular.doc” and “! Urgent! Read!.doc”.

FireEye also claims to have found that both the government hackers and the cybercriminals received the zero-day exploit for Microsoft Word from the same source. As evidence, the company cites the timestamps of the prepared Word documents used by both parties, which are identical down to the second.

“Although only one Finspy user was observed using this zero-day exploit, the previous reach of Finspy, which was used by several nation states, suggests that several customers had access to it,” is the conclusion of FireEye. The incident underscores the global nature of cyber threats and the need for a global approach. “A cyber espionage incident directed against Russians can be an opportunity to learn from cybercrime against English-speaking users, and to prevent it.”


