
Microsoft Equation Editor Exploit

There is a new cyberattack campaign using malicious RTF documents that has been targeting government IT agencies in Eastern Asia, according to research published today by Proofpoint.

 

In the campaign, dubbed Operation LagTime IT, the malicious documents deliver custom Cotx RAT malware to tech agencies responsible for overseeing government network infrastructures. Proofpoint has attributed the campaign to the Chinese threat group known as TA428. Researchers believe the likely motivation is conducting espionage on capabilities like 5G and establishing a beachhead for future attacks.

 

Proofpoint determined that the infection vector observed in the campaign was spear phishing, with emails originating from both free email accounts and compromised user accounts. Attackers relied on an exploit for the Microsoft Equation Editor vulnerability CVE-2018-0798 to deliver custom malware.