Recently, QiAnXin Threat Intelligence Center found a series of targeted attacks against targets in Pakistan. The attacker exploited a vulnerability in InPage (CVE-2017-12824) to craft bait documents (.inp). InPage is word processing software designed specifically for Urdu speakers (Urdu is an official language of Pakistan). In addition, Office documents exploiting the CVE-2018-0798 vulnerability were also used in the attack.

Kaspersky disclosed a targeted attack in which an InPage vulnerability was exploited in November 2016. However, the first attack using this software vulnerability can be traced back to June 2016.

Through analysis of this group of documents with InPage vulnerabilities and the related attack activities, we can conclude that the attacker is the BITTER APT organization, which we disclosed in 2016. After further analysis, some samples in the attack show strong connections with other APT groups, specifically Patchwork, Bahamut, and Confucius. That shows more connections among those 4 APT groups from South Asia.

QiAnXin Threat Intelligence Center has sorted out the timeline of targeted attacks in which the InPage vulnerability was exploited over the past two years, as follows:

InPage Vulnerability Analysis (CVE-2017-12824)

The scan result of documents with the InPage vulnerability on VirusTotal: