US-Iran, "cyber war at the highest levels". APT33 hackers in the field

Tensions between the US and Iran in the Strait of Hormuz have eased, but online it appears that Iranian actors are continuing their activity against US targets, both inside the United States and elsewhere.

On Wednesday morning, US Cyber Command tweeted that it had discovered "active malicious use" of a known bug in Microsoft Outlook, CVE-2017-11774, and recommended immediate patching. The vulnerability itself is not new: Microsoft patched it in October 2017, and what USCYBERCOM reported is the current exploitation of it, not its discovery. The tweet read: "USCYBERCOM has discovered active malicious use of CVE-2017-11774 and recommends immediate #patching. Malware is currently distributed from: 'hxxps://customermgmt.net/page/macrocosm' #cybersecurity #infosec".

In its tweet, Cyber Command does not say who is using the bug to launch attacks. But the cybersecurity company FireEye reported that a number of Iranian hackers are busy exploiting this vulnerability.

"Use of the CVE-2017-11774 bug continues to cause confusion for many security professionals," the company wrote in a statement sent to reporters on Wednesday. "If Outlook launches something malicious, a common assumption is that the affected user has been phished, which is not what is happening here. The cybersecurity organization can waste valuable time looking for the problem without focusing on the root cause."
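FireEye's point is that the malicious content is launched by Outlook itself rather than by a user clicking a phishing attachment. CVE-2017-11774 is abused through Outlook's folder "home page" feature, which loads a URL stored in the user's registry hive whenever the folder is opened. An incident responder can therefore read that setting directly instead of hunting for an e-mail that never existed. The script below is an added example written for this article; it is not code from USCYBERCOM, FireEye or Microsoft. It assumes the WebView registry layout and the EnableRoamingFolderHomepages value location shown in the comments (both from memory of the affected Outlook builds, so confirm them against your own deployment), and it uses the customermgmt.net host from the tweet above as the only built-in indicator.

```powershell
# Added example, not from the article, USCYBERCOM or FireEye.
# Lists every Outlook folder whose "home page" URL is set in the per-user registry,
# flags any that point at the host published in the USCYBERCOM tweet, and reports
# whether the post-patch re-enable switch for roaming home pages has been turned on.
#
# Assumptions (see lead-in): key layout HKCU:\Software\Microsoft\Office\<ver>\Outlook\WebView\<Folder>
# with a string value named URL, and the switch at ...\Outlook\Security\EnableRoamingFolderHomepages.

$OutlookVersions = '14.0', '15.0', '16.0'      # Outlook 2010, 2013, and 2016/2019/365
$KnownBadHosts   = @('customermgmt.net')       # defanged in the tweet as hxxps://customermgmt.net/...

function Get-OutlookHomePage {
    <#
      Returns one object per configured folder home page. Since the 2017 patch a
      legitimately managed endpoint rarely has any of these set, so every hit is
      worth a look; a URL on a host you do not own is the red flag.
    #>
    foreach ($v in $OutlookVersions) {
        $webView = "HKCU:\Software\Microsoft\Office\$v\Outlook\WebView"
        if (Test-Path $webView) {
            # Enumerate the folder subkeys that actually exist rather than guessing names.
            foreach ($folderKey in Get-ChildItem -Path $webView -ErrorAction SilentlyContinue) {
                $url = (Get-ItemProperty -Path $folderKey.PSPath -ErrorAction SilentlyContinue).URL
                if ([string]::IsNullOrWhiteSpace($url)) { continue }

                $matchesIoc = $false
                foreach ($h in $KnownBadHosts) {
                    if ($url -like "*$h*") { $matchesIoc = $true }
                }

                [pscustomobject]@{
                    Version     = $v
                    Folder      = $folderKey.PSChildName
                    URL         = $url
                    KnownBadIoc = $matchesIoc
                }
            }
        }

        # Microsoft's fix stops Outlook honouring roaming folder home pages unless this
        # value is 1. An attacker who needs the feature back sets it, so a value of 1
        # on an endpoint where nobody configured it deliberately is itself suspicious.
        # (Assumed path, see lead-in.)
        $security = "HKCU:\Software\Microsoft\Office\$v\Outlook\Security"
        if (Test-Path $security) {
            $flag = (Get-ItemProperty -Path $security -ErrorAction SilentlyContinue).EnableRoamingFolderHomepages
            if ($flag -eq 1) {
                [pscustomobject]@{
                    Version     = $v
                    Folder      = '(security setting)'
                    URL         = "EnableRoamingFolderHomepages=$flag"
                    KnownBadIoc = $false
                }
            }
        }
    }
}

$hits = @(Get-OutlookHomePage)
if ($hits.Count -eq 0) {
    Write-Output 'No Outlook folder home pages configured for the current user.'
} else {
    $hits | Format-Table -AutoSize
    if ($hits.KnownBadIoc -contains $true) {
        Write-Warning 'A home page URL matches the indicator published by USCYBERCOM.'
    }
}
```

Run it in the context of the user whose mailbox is suspect, since the values live under HKCU; on a shared host, loading each user's hive and repeating the check is the same procedure with a different root key. Add your own indicators to $KnownBadHosts as they become available; the script deliberately carries only the one the tweet published.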

In a post last December, FireEye reported on the activity of a hacker group named APT33, probably acting "on behalf of the Iranian government". In a June update, the company said it found the same actors very active: APT33 has launched a new campaign against the US, in particular against federal government agencies, the financial sector, media and education.

This update coincides with a June 22 warning from the Cybersecurity and Infrastructure Security Agency, or CISA, which issued an alert about a "recent rise in malicious cyber activity directed at US industries and government agencies by actors and proxies of the Iranian regime".

According to CISA, the new attacks are highly destructive "wiper attacks", and those responsible are "trying to do much more than steal data and money". The tactics used are familiar ones: spear phishing, password spraying and credential stuffing. The deception is that the victim thinks only account credentials have been lost, when in fact the entire server network is at risk.

At last week's One Tech Summit, Ed Wilson, deputy assistant secretary of defense for cyber policy, described the recent escalation of Iranian offensive activity as a "horizontal escalation", meaning an increase in the volume of activity rather than a sudden change in the types of tactics used. "I think a lot of times we think the escalation is vertical in nature," he said.

The statement follows a comment last May by the Chairman of the US Joint Chiefs of Staff, Gen. Joseph Dunford, who likewise spoke of increased Iranian activity.

The New York Times reports that the United States, in response, has stepped up cyber operations against Iranian intelligence groups involved in planning the attack on various foreign oil tankers.
