safeharboroncyber.com
Microsoft Office flaw exploited by suspected Iranian APT groups for spying
CyberWisdom aggregated three articles covering a similar story: researchers report that a threat actor, assessed to be the Iranian APT groups APT34 and/or possibly APT33, is behind exploitation of the memory corruption vulnerability CVE-2017-11882. The threat actor deploys the PowerShell-based backdoor POWRUNER as well as BONDUPDATER, a downloader with domain generation algorithm (DGA) functionality. Furthermore, APT34 leveraged the recent Microsoft Office …