US Cyber Command warns of nation-state hackers exploiting Outlook

It hints at possible involvement from Iran.

Omar Marques/SOPA Images/LightRocket via Getty Images

The recent surge in state-backed hacking campaigns isn't dying down any time soon. US Cyber Command has reported that unnamed state actors are making "active malicious use" of a 2017-era Outlook vulnerability (long since patched) to escape the email client's sandbox and run malware on a target system. While officials didn't say who was involved, some clues have hinted at a possible connection to Iran.

ZDNet noted that a known Iran-backed hacking team, APT33, had used the same vulnerability in December to install backdoors on servers and promptly push an exploit for the flaw to Outlook users. Chronicle Security's Brandon Levene also found that Cyber Command's code samples appeared related to APT33's disk-wiping Shamoon malware. Symantec had also warned of increased activity from the group in recent months.

If it's Iran and not a more familiar perpetrator like Russia, it suggests that political tensions are translating directly to the digital realm. The US is believed to have knocked out Iranian missile and rocket systems with a cyberattack in late June, for instance. Although this Outlook campaign isn't necessarily direct retaliation for the missile effort, it's hard to imagine Iran doing nothing in response.
