Follina Vulnerability Targets Government Entities

Industry: Government | Level: Tactical | Source: BleepingComputer

ProofPoint has identified the exploitation of CVE-2022-30190/Follina in phishing campaigns targeting European and US governments distributing malicious Rich Text Format (RTF) documents. The email attempts to lure victims with promises of salary increases to open the malicious document, once executed a PowerShell script downloads the attacker's payload. As tweeted by ProofPoint, "Proofpoint blocked a suspected state-aligned phishing campaign targeting less than 10 Proofpoint customers (European gov & local US gov) attempting to exploit #Follina / #CVE_2022_30190." The payload, as analyzed by BleepingComputer, identified the reconnaissance activity to gather large amounts of data. Attribution of the attacker are currently unknown, although ProofPoint's early findings suggests a state aligned actor.

Anvilogic Scenario:

• CVE-2022-30190 / Follina : Attack Chain

Anvilogic Use Case:

• CVE-2022-30190: Microsoft Office Code Execution Vulnerability