Site icon Liquidmatrix Security Digest

Cyberspies Exploit Microsoft Office

Here is an interesting article from USA Today that examines a Microsoft Office exploit. This exploit has allegedly been targeted towards US agencies defense and nuclear contractors. These are some rather serious allegations of they prove to be true.

Oh, did I mention? These exploits are apparently originating from China.

Assaults are coming from China and perhaps other countries in the hunt for military, trade and infrastructure intelligence, says Alan Paller, research director at The SANS Institute, a security think tank. The goal: strategic advantage over the USA. “The attacks are working,” says Paller. “Penetrations are deep and broad.”

Some attacks could be “on-demand,” at the behest of companies that hire cybergangs to pilfer data from rivals, says Righard Zwienenberg, chief researcher at Norman Data Defense Systems.

At a congressional hearing last week on cybersecurity, Donald Reid, a senior State Department official, described how an employee in May clicked on a Word document corrupted via a security hole for which Microsoft had no patch. A fix wasn’t available until eight weeks later. Microsoft has issued 10 patches for security holes in Office programs since January 2006, including a handful delivered only after crooks began using newly discovered flaws in their attacks. The best protection: keeping Office security patches updated.

Wow, does this ever remind me of Cliff Stoll’s book “The Cuckoo Egg

Article Link

[tags]Microsoft Exploit, China, US Infrastructure[/tags]

Exit mobile version