US Cyber Command has issued a warning – a very public warning on its Twitter account – that it has found the “active malicious use” of a vulnerability in Microsoft Outlook, activity that appears to be linked to the Iranian regime.
The Iranian regime has a sophisticated cyber-crime network, but it is far from being as advanced as some of the other big players in the world. Analysts looking into the situation believe that the regime may lack the resources or knowledge to disrupt the American government itself, and they warn that its cyber criminals may instead strike the wider non-governmental sector.
SensePost was the first to find the Outlook vulnerability two years ago. The patch that US Cyber Command recommended in its Twitter message is not needed by those who have already applied it. However, a great number of systems remain unpatched, meaning that wider networks are exposed to the threat.
Forbes explains: “The bug essentially opens a door for malicious code to escape from Outlook into the underlying operating system.”
Last year, the regime in Iran weaponized the vulnerability. This was done by one of its hacking groups, known as “APT33” or “Advanced Persistent Threat 33”, which is said to have targeted the defense, aerospace and petrochemical industries in a number of countries, including the United States and Saudi Arabia.
Cyber agencies have, in the past few years, been warning about the Iranian regime’s cyber capabilities in general. They say that the regime, once considered a very low threat, is pouring more resources into cyber-attack techniques. The Iranian-backed groups are becoming increasingly sophisticated and must not be underestimated.
Only last month, the Cybersecurity and Infrastructure Security Agency (CISA) warned that the United States has become a particular target of malicious cyber activity, naming Iran as the instigator.