July 3, 2024 at 06:05AM
Unknown threat actors exploited a patched Microsoft MSHTML security flaw to distribute the surveillance tool MerkSpy, targeting users in Canada, India, Poland, and the U.S. The attack used a Microsoft Word document to trigger the exploitation, enabling the download and execution of malicious payloads to collect sensitive information and establish persistence.
Based on the meeting notes, it seems that the discussion revolved around the recent activities of threat actors exploiting a security vulnerability in Microsoft MSHTML to deliver a surveillance tool called MerkSpy. The attack primarily targeted users in Canada, India, Poland, and the U.S. It was initiated through a malicious Microsoft Word document containing a job description for a software engineer role, which exploited the CVE-2021-40444 security flaw in MSHTML. This flaw allowed for remote code execution without user interaction, culminating in the delivery and execution of the surveillance tool.
Additionally, Symantec detailed a smishing campaign targeting U.S. users with deceptive SMS messages purportedly from Apple, aiming to trick users into clicking on bogus credential harvesting pages and mimicking an outdated iCloud login template.
The meeting notes also highlighted the actions taken by the threat actors’ to evade detection by security software and establish persistence on compromised systems, as well as exfiltrate sensitive information to external servers under their control.
This information provides a comprehensive overview of the security vulnerabilities exploited by threat actors and their surveillance activities, potentially impacting users in various countries.