Iranian Hackers Abusing Known Bug in Microsoft’s MSHTML

An Iranian threat actor was discovered abusing Instagram and Google credentials of Farsi-speaking individuals around the world. The threat group is using PowerShortShell, a new PowerShell-based stealer, in this campaign.

The attacks started in July via spear-phishing emails that targeted Windows users with Winword attachments.

They exploited a remote code execution flaw (CVE-2021-40444) in MSHTML that was disclosed months ago. This flaw was exploited to gain initial access and deliver Cobalt Strike Beacon loaders.

Read More: Cyware