Microsoft has announced a phishing campaign by a Russian threat actor group Storm-0978 (also referred to as RomCom) targeting a previously unknown zero-day, now being tracked as CVE-2023-36884. Read on to learn more.
How does the Microsoft zero-day work?
Through what Microsoft describes as “a series of remote code execution vulnerabilities impacting Windows and Office products,” Storm-0978 can install malicious payloads on targeted devices. The zero-day leverages social engineering, as the initial attack requires opening a maliciously-crafted .docx or .rtf document.
The vulnerability was exploited before disclosure and used in recent attacks targeting organizations that attended the NATO Summit in Vilnius, Lithuania. Since this vulnerability has been publicly disclosed, other threat actor groups will likely begin exploring ways to take advantage of the bug.