Iran (APT-33/Elfin): Last night, U.S. Cyber Command (USCYBERCOM) issued a warning to Outlook users to patch their systems immediately. The warning comes as a new campaign targeting users through an older vulnerability has been discovered. According to USCYBERCOM, the attackers are seeking to use CVE-2017-11774 to deliver malware which is coming from ‘https://customermgmt(dot)net/page/macrocosm’. CVE-2017-11774 was patched by Microsoft during the October 2017 Patch Tuesday, so up-to-date systems are protected. Although the patch was released nearly two years ago, many systems remain vulnerable. Iran’s APT-33 (Elfin) has been seen exploiting this vulnerability in the past. The warning issued by USCYBERCOM, however, did not directly name APT-33 as the attacker behind this most recent use of CVE-2017-11774.