China-Backed Hackers Found to Be Exploiting Unpatched Microsoft Office Vulnerability

Hacking group labelled TA413 is found to be exploiting the zero-day vulnerability through malicious Word documents.

By Jagmeet Singh | Updated: 2 June 2022 14:48 IST

Highlights

Vulnerability named "Follina" has been leveraged by China-backed hackers
Microsoft was first reported about the issue in April
The vulnerability allows attackers to execute malicious code

China-Backed Hackers Found to Be Exploiting Unpatched Microsoft Office Vulnerability

Microsoft is yet to fix the zero-day vulnerability that impacts its various products

Photo Credit: Reuters

China-backed hackers are exploiting a newly discovered zero-day vulnerability in Microsoft Office, according to a threat analysis research. The vulnerability, which has been called "Follina" by security researchers, allows attackers to execute malicious code on Windows systems through Microsoft Word documents. Microsoft acknowledged the existence of the security loophole shortly after it was brought to notice last week. However, it is yet to be fixed. The Redmond company did not provide any clarity on when exactly it would release a patch for the severe vulnerability.

The threat analysis research conducted by security firm Proofpoint suggests that a hacking group labelled TA413, which is believed to be linked to the Chinese government, was exploiting the zero-day vulnerability through malicious Word documents that appeared to be coming from the Central Tibetan Administration, the Tibetan Government-in-Exile based in Dharamshala, India. The security firm revealed its research on Twitter this week.

Noted as an advanced persistent threat (APT), the hacking group TA413 was also found to be targeting Tibetans around the world in 2020. It runs campaigns impersonating women-focussed groups of the Tibetan exile community.

Proofpoint told TechCrunch that the group is also tracked as "LuckyCat" and "Earth Berberoka".

Tokyo-based cybersecurity research team Nao_sec brought the latest Microsoft vulnerability — tracked as CVE-2022-30190 — to notice last week. However, it was reported to the software giant in April. A security researcher said that the company at the time, though, refused to consider it as a security issue.

Microsoft finally acknowledged the existence of the vulnerability earlier this week.

"An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user's rights," the company warned in a blog post while explaining the scope of the issue.

The Follina vulnerability allows attackers to execute PowerShell commands by hijacking the Microsoft Support Diagnostic Tool (MSDT). It can be exploited using a Microsoft Word document, which is what the hackers seem to be doing in the latest case.

Various Microsoft products including Office 2013 as well as Office 2021 and some versions of Office 365 are affected by the flaw. Attackers could also target users on both Windows 10 and Windows 11 devices, as per the researchers who have examined the issue.

Asus India's Arnold Su joins this week's Orbital, the Gadgets 360 podcast, to talk about how the PC maker is planning to grow its presence in the country. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.

Affiliate links may be automatically generated - see our ethics statement for details.

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.