Russian hackers exploit a potential Microsoft Office flaw

hackers

The DDE attack only works when Windows’ Protected Mode setting is disabled, and if user clicks through prompts that the attack requires.

“On Tuesday, researchers at McAfee revealed that they’ve been tracking a new phishing campaign from the Russia-linked hacker team. Security researchers have recently shown that a feature of Microsoft Office known as Dynamic Data Exchange can be exploited to install malware on a victim’s computer when they simply open any Office document. McAfee now says APT28 has used that DDE vulnerability since late October. And while the targets McAfee has detected so far are in Germany and France, the hackers have been fooling victims into clicking with file names that reference US-focused topics: both a US Army exercise in Eastern Europe known as SabreGuardian and last week’s ISIS truck attack that killed eight people on a Manhattan bike path.” Read more about it at Wired.