07 December 2023

Windows MSDT zero-day now exploited by Chinese APT hackers

Chinese-linked threat actors are now actively exploiting a Microsoft Office zero-day vulnerability (known as 'Follina') to execute malicious code remotely on Windows systems.

This Microsoft Windows Support Diagnostic Tool (MSDT) remote code execution flaw (tracked as CVE-2022-30190) impacts all Windows client and server platforms still receiving security updates (Windows 7 or later and Windows Server 2008 or later).

Actively exploited in the wild

The TA413 APT group, a hacking outfit linked to Chinese state interests, has adopted this vulnerability in attacks against their favorite target, the international Tibetan community.

Today, CISA also urged admins and users to disable the MSDT protocol on their Windows devices after Microsoft reported active exploitation of this vulnerability in the wild.

The first CVE-2022-30190 attacks were spotted over a month ago using sextortion threats and invitations to Sputnik Radio interviews as lures.

 
