2022-06-07

Chinese Hackers Exploit Microsoft Office Latest Zero-Day CVE-2022-30190

Level: 
Tactical
  |  Source: 
BleepingComputer
Share:

Chinese Hackers Exploit Microsoft Office Latest Zero-Day CVE-2022-30190

Industry: N/A | Level: Tactical | Source: BleepingComputer

Proofpoint has identified a Chinese state-linked threat group, TA413 to be actively exploiting Microsoft Office's latest zero-day, CVE-2022-30190. The observed attack was targeting the international Tibetan community and was delivered in a compressed zip archive. As tweeted by ProofPoint, "TA413 CN APT spotted ITW exploiting the #Follina #0Day using URLs to deliver Zip Archives which contain Word Documents that use the technique. Campaigns impersonate the "Women Empowerments Desk" of the Central Tibetan Administration and use the domain tibet-gov.web[.]app."

Anvilogic Scenario:

  • CVE-2022-30190 / Follina : Attack Chain

Anvilogic Use Cases:

  • Compressed File Execution
  • CVE-2022-30190: Microsoft Office Code Execution Vulnerability

Get trending threats published weekly by the Anvilogic team.

Sign Up Now