Persistent Exploits in Microsoft Outlook: Iranian Hackers Bypass Security Patches
- Actor Motivations: Espionage, Exfiltration
- Attack Vectors: Vulnerability Exploitation, Phishing
- Attack Complexity: High
- Threat Risk: High Impact/Low Probability
Threat Overview
Iranian APT groups, notably APT34 and APT33, have exploited the CVE-2017-11774 vulnerability in Microsoft Outlook for espionage and destructive attacks. The technique modifies Outlook's folder home page settings through the registry so that Outlook loads an attacker-controlled page, giving the actor persistence and remote code execution on the host even after Microsoft's patch is applied. The campaigns have targeted sectors worldwide, using custom phishing documents and Azure-hosted payloads to evade security controls and keep control of compromised systems.
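A defender-side hunting check for the registry-based Outlook home page persistence described above, added here as an example and not taken from the source report. It assumes the Outlook WebView key layout (HKCU\Software\Microsoft\Office\<ver>\Outlook\WebView\<Folder>\URL, plus the Policies variant) and uses a placeholder allow-list pattern that must be replaced with the organisation's approved home page, if any.

```powershell
# Added hunting check (not from the original page). Enumerates Outlook folder
# home page URL values, which the registry-based persistence described above sets.
# Assumption: keys follow HKCU\Software\Microsoft\Office\<ver>\Outlook\WebView\<Folder>\URL
# and the matching Policies hive path.
function Get-OutlookHomePageOverrides {
    [CmdletBinding()]
    param(
        [string[]]$OfficeVersions = @('14.0', '15.0', '16.0'),
        # Placeholder: pattern for a legitimately deployed home page, if your org uses one.
        [string]$AllowedUrlPattern = '^https://intranet\.example\.com/'
    )
    foreach ($ver in $OfficeVersions) {
        $roots = @(
            "HKCU:\Software\Microsoft\Office\$ver\Outlook\WebView",
            "HKCU:\Software\Policies\Microsoft\Office\$ver\Outlook\WebView"
        )
        foreach ($root in $roots) {
            if (-not (Test-Path $root)) { continue }
            # Each subkey is a mailbox folder (Inbox, Calendar, ...); a URL value
            # makes Outlook render that page instead of the normal folder view.
            foreach ($folder in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
                $props = Get-ItemProperty -Path $folder.PSPath -ErrorAction SilentlyContinue
                $url = $props.URL
                if ([string]::IsNullOrWhiteSpace($url)) { continue }
                [pscustomobject]@{
                    OfficeVersion = $ver
                    Hive          = $root
                    Folder        = $folder.PSChildName
                    HomePageUrl   = $url
                    # Any populated value deserves review; one outside the allow-list is the priority.
                    Suspicious    = ($url -notmatch $AllowedUrlPattern)
                }
            }
        }
    }
}

# Run in the context of each interactive user; an empty result means no home page override is set.
Get-OutlookHomePageOverrides | Format-Table -AutoSize
```

Remediation for a confirmed finding is to remove the URL value (and the folder subkey if the organisation deploys no home page), then verify the host has the Outlook update for CVE-2017-11774 installed.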
Extracted IOCs
- ddbc153e4e63f7b8b6f7aa10a8fad514
Tip: 1 related IOC (0 IP, 0 domain, 0 URL, 0 email, 1 file hash) has been found for this threat.