topic Microsoft Equation Editor Exploit in Tech Talk https://community.isc2.org/t5/Tech-Talk/Microsoft-Equation-Editor-Exploit/m-p/25939#M1592 <P><SPAN>There is a new cyberattack campaign using malicious RTF documents that has been targeting government IT agencies in Eastern Asia, according to research published today by&nbsp;</SPAN><A href="https://www.proofpoint.com/us" target="_self">Proofpoint</A><SPAN>.</SPAN></P><P>&nbsp;</P><P><SPAN>Dubbed Operation LagTime IT,&nbsp;the malicious documents delivers custom Cotx RAT malware to tech agencies responsible for overseeing government network infrastructures. Proofpoint has attributed&nbsp;the campaign to the Chinese threat group known as TA428. Researchers believe the likely motivation is conducting espionage on capabilities like 5G&nbsp;and establishing a beachhead for future attacks.</SPAN></P><P>&nbsp;</P><P><SPAN>Proofpoint determined that the infection vector observed in the campaign was spear phishing, with emails originating from both free email accounts and compromised user accounts. Attackers relied on Microsoft Equation Editor exploit&nbsp;<A href="https://nvd.nist.gov/vuln/detail/CVE-2018-0798" target="_blank">CVE-2018-0798</A>&nbsp;to deliver a custom malware.</SPAN></P> Mon, 09 Oct 2023 09:16:50 GMT AppDefects 2023-10-09T09:16:50Z Microsoft Equation Editor Exploit https://community.isc2.org/t5/Tech-Talk/Microsoft-Equation-Editor-Exploit/m-p/25939#M1592 <P><SPAN>There is a new cyberattack campaign using malicious RTF documents that has been targeting government IT agencies in Eastern Asia, according to research published today by&nbsp;</SPAN><A href="https://www.proofpoint.com/us" target="_self">Proofpoint</A><SPAN>.</SPAN></P><P>&nbsp;</P><P><SPAN>Dubbed Operation LagTime IT,&nbsp;the malicious documents delivers custom Cotx RAT malware to tech agencies responsible for overseeing government network infrastructures. Proofpoint has attributed&nbsp;the campaign to the Chinese threat group known as TA428. Researchers believe the likely motivation is conducting espionage on capabilities like 5G&nbsp;and establishing a beachhead for future attacks.</SPAN></P><P>&nbsp;</P><P><SPAN>Proofpoint determined that the infection vector observed in the campaign was spear phishing, with emails originating from both free email accounts and compromised user accounts. Attackers relied on Microsoft Equation Editor exploit&nbsp;<A href="https://nvd.nist.gov/vuln/detail/CVE-2018-0798" target="_blank">CVE-2018-0798</A>&nbsp;to deliver a custom malware.</SPAN></P> Mon, 09 Oct 2023 09:16:50 GMT https://community.isc2.org/t5/Tech-Talk/Microsoft-Equation-Editor-Exploit/m-p/25939#M1592 AppDefects 2023-10-09T09:16:50Z