Forcepoint X-Labs Exposes Advanced Microsoft Office Threat

Microsoft Office attack

Recently, Forcepoint X-Labs, a vanguard in cybersecurity, has unveiled an intricate cyber-attack targeting business leaders during a pivotal general election period.

This sophisticated attack, discreetly veiled in an email about voting, first appears innocuous, even mundane. The email, devoid of any overt malicious cues, lists standard voting procedures—a mundane veil for a sinister ploy. Attached is a document, ‘Voting Instructions.docx’, seemingly benign but hiding a Trojan horse.

Image: Forcepoint

The document is blank, but beneath this emptiness lurks a hidden OleObject link, ingeniously disguised as a picture. This marks a significant deviation from the known Follina exploits of 2023, where such links required manual activation. In this attack, the script auto-executes upon opening the document.

Forcepoint X-Labs’ investigation reveals the attack’s discriminatory nature, targeting only specific IP addresses. This raises questions about the attackers’ motives.

“Our investigations have revealed that multiple versions of the same document (hashes listed below) have been sent to prominent business leaders. It is currently not clear what the attackers are looking to gain, but it could be to monitor the sentiments of voters,” the security researcher wrote.

The second stage of this attack is shrouded in mystery, exploiting a yet-unidentified vulnerability in Windows. “We have been unable to execute the second stage of the attack, due to the extremely targeted nature of the attack. It is likely that the web server hosting the second stage is configured to deploy the second stage to specific IP addresses,” the researcher explains.

At this moment in time, it is not clear that there is any ability to change the configuration of Microsoft Office to prevent this exploit.

The attack’s precision and tailored delivery suggest a high degree of sophistication, indicating the involvement of either state-sponsored entities or highly organized cyber criminals.

In conclusion, this novel cyber attack not only reflects the increasing sophistication of digital threats but also underscores the need for relentless vigilance in the digital age.