By Jubin Katiraie
US Cyber Command has issued a public warning to Microsoft Outlook users over the “active malicious use” of a vulnerability that appears to be linked to Iran, tweeting that it had discovered the “use of CVE-2017-11774 and recommends immediate patching”.
This comes only a week after the US opted to launch a cyber-attack against Iran’s missile systems in response to the downing of a US drone, as opposed to a traditional military strike that would have caused civilian casualties. Iran’s cyber capabilities are fairly limited when it comes to a strike against the US government or military, which is why they may be choosing to target the civilian sector.
The vulnerability being exploited was discovered and patched in 2017, but many systems or even just individual computers have not updated their Outlook systems since and are still vulnerable to attacks that can infiltrate the underlying operating system. The vulnerability was weaponized in 2018 by an Iranian state-sponsored hacking group, named by cyber security experts as APT33 or Charming Kitten.
APT33, which is responsible for the Shamoon disk-wiping malware that targeted Saudi Arabia’s national oil company in 2012, could be behind a series of intrusions and attempted intrusions via Outlook Web Access or Office 365, according to cyber security firm FireEye.
The US Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) warned last month about a “recent rise in malicious cyber activity directed at United States industries and government agencies by Iranian regime actors and proxies”.
They said that Iran uses spear phishing, password spraying, and credential stuffing to access accounts and that targets may use their data and their whole network.
The National Security Agency told the Associated Press last month that there have previously been “serious issues with malicious Iranian cyber actions”.
They said: “In these times of heightened tensions, it is appropriate for everyone to be alert to signs of Iranian aggression in cyberspace and ensure appropriate defences are in place.”
While this is an unprecedented move by Cyber Command to issue a public warning on an Iranian cyber attack, this is likely a sign of things to come. Iran has now identified the cyber sphere as a realm where it can take big hits against its enemies – most of whom have a much larger military – without suffering much damage. And it’s not just the US being targeted. Late last year, the UK acknowledged a cyber attack on its high-profile government and commercial systems by Iran.