Iran TerrorismUS Issues Warning About Iran Breach in Microsoft Vulnerability

US Issues Warning About Iran Breach in Microsoft Vulnerability


Microsoft Logo

By Jubin Katiraie

US Cyber Command has issued a public warning to Microsoft Outlook users over the “active malicious use” of a vulnerability that appears to be linked to Iran, tweeting that it had discovered the “use of CVE-2017-11774 and recommends immediate patching”.

This comes only a week after the US opted to launch a cyber-attack against Iran’s missile systems in response to the downing of a US drone, as opposed to a traditional military strike that would have caused civilian casualties. Iran’s cyber capabilities are fairly limited when it comes to a strike against the US government or military, which is why they may be choosing to target the civilian sector.

The vulnerability being exploited was discovered and patched in 2017, but many systems or even just individual computers have not updated their Outlook systems since and are still vulnerable to attacks that can infiltrate the underlying operating system. The vulnerability was weaponized in 2018 by an Iranian state-sponsored hacking group, named by cyber security experts as APT33 or Charming Kitten.

APT33, which is responsible for the Shamoon disk-wiping malware that targeted Saudi Arabia’s national oil company in 2012, could be behind a series of intrusions and attempted intrusions via Outlook Web Access or Office 365, according to cyber security firm FireEye.

The US Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) warned last month about a “recent rise in malicious cyber activity directed at United States industries and government agencies by Iranian regime actors and proxies”.

They said that Iran uses spear phishing, password spraying, and credential stuffing to access accounts and that targets may use their data and their whole network.

The National Security Agency told the Associated Press last month that there have previously been “serious issues with malicious Iranian cyber actions”.

They said: “In these times of heightened tensions, it is appropriate for everyone to be alert to signs of Iranian aggression in cyberspace and ensure appropriate defences are in place.”

While this is an unprecedented move by Cyber Command to issue a public warning on an Iranian cyber attack, this is likely a sign of things to come. Iran has now identified the cyber sphere as a realm where it can take big hits against its enemies – most of whom have a much larger military – without suffering much damage. And it’s not just the US being targeted. Late last year, the UK acknowledged a cyber attack on its high-profile government and commercial systems by Iran.

Latest news

Iran’s 2023 Budget Shrouded In Doubt

On January 22, the Majlis (parliament) approved the draft of the 2023 budget bill proposed by regime president Ebrahim...

Iran: People of Khoy Still Reeling From 5.9-Magnitude Earthquake

An earthquake with a magnitude of 5.9 struck northwest Iran on Saturday, killing at least three people and injuring...

Iran’s Unsolvable Air Pollution Problem

Air pollution will remain at dangerous levels and will increase for the next few days in most big cities,...

The World Must Acknowledge the Iranian People’s Right to Self-defense

Victor Hugo once said: “When dictatorship is a fact, revolution becomes a right.” Throughout history, this has been the...

Iran: 60% Of Population Is Poor

The livelihood baskets of the Iranian people are shrinking dramatically. This, in turn, has introduced new concerns to protect...

The implications of EU’s terrorist designation of the Revolutionary Guards (IRGC)

The European Parliament called on January 18 for the European Union to list Iran's Revolutionary Guards (IRGC) as a...

Must read

Military chief: Iran has intelligence on “enemy movements”

Iran Focus: Tehran, Iran, Oct. 23 – Iran’s Islamic...

Iranian Sent to Prison for 10 Years in UAE for Links to Nuclear Program

Iran Focus London, 27 Apr - An Iranian businessman...

You might also likeRELATED
Recommended to you