Ukraine’s Computer Emergency Response Team (CERT) warns that the Russia-linked Sandworm APT group may exploit the Follina RCE vulnerability.
Ukraine’s Computer Emergency Response Team (CERT) is warning that the Russia-linked Sandworm APT may be exploiting the recently discovered Follina RCE. The issue, tracked as CVE-2022-30190, impacts the Microsoft Windows Support Diagnostic Tool (MSDT).
Nation-state actors are targeting media organizations in Ukraine, including radio stations and newspapers. The malspam messages use the topic “LIST of links to interactive maps”; according to CERT-UA, the malicious emails reached more than 500 recipients.
“Attackers continue to exploit vulnerability CVE-2022-30190 and are increasingly resorting to emails from compromised government emails,” reads the alert published by the Ukraine CERT.
The government experts tracked the activity as UAC-0113, a threat actor that is associated, with a medium level of confidence, with the Sandworm APT group.
Targeting media orgs
CERT-UA also shared indicators of compromise for these attacks.
[Source: SecurityAffairs / 6.13.]