The U.S. Cyber Command has issued a public warning to users, companies, and government agencies stating that it has discovered an “active malicious use” of a vulnerability in Microsoft Outlook that seems to be linked to Iran-backed attackers. The agency stated that attackers might exploit the flaw in the Outlook mail client to turn off security features and gain access to users’ credentials.
“USCYBERCOM has discovered active malicious use of CVE-2017-11774 and recommends immediate patching,” the agency said in a Twitter post.
The Cyber Command advised users to update their unpatched Outlook versions to prevent potential cyber-attacks. The warning comes after recent reports that Iran and the U.S. are involved in offensive cyber campaigns.
Recently, the military cyber forces of the United States launched a cyber-attack against Iranian military computer systems in response to Iran’s shootdown of a U.S. surveillance drone worth $240 million. The attack was performed with the approval of President Donald Trump.
The attack targeted the Iranian military computers used to control Iran’s entire missile operations. According to the Islamic Revolutionary Guard Corps, the drone was taken down when it entered Iran’s airspace near the Kouhmobarak district in the south of Hormuz.
“The downing of the American drone was a clear message to America … our borders are Iran’s red line and we will react strongly against any aggression … Iran is not seeking war with any country, but we are fully prepared to defend Iran,” the Revolutionary Guard commander, Hossein Salami, said in a media statement.
However, the U.S. Air Force denied Iran’s argument. “This was an unprovoked attack on a U.S. surveillance asset that had not violated Iranian airspace at any time during its mission,” said General Joseph Guastella. “This attack is an attempt to disrupt our ability to monitor the area following recent threats to international shipping and the free flow of commerce. The aircraft was over the Strait of Hormuz and fell into international waters.”
Recently, the cybersecurity research firm FireEye claimed that an undetected hacking group from Iran is allegedly stealing travel and mobile data of individuals in the Middle East region. According to FireEye, the Iranian group, dubbed APT39, has targeted several people in the Middle East, especially in the Gulf region. The espionage group is believed to be providing information to the Iranian government. The researchers at FireEye stated that they had been tracking APT39’s activities since 2014 to protect organizations from cyber incidents.