• Skip to primary navigation
  • Skip to main content
  • Skip to footer
  • Home
  • Advertise With Us
  • Contact
  • Cookie Policy
    • Privacy statement (CA)
    • Cookie policy (CA)
    • Privacy statement (UK)
    • Cookie policy (UK)
    • Privacy statement (US)
    • Cookie Policy (US)
    • Privacy statement (EU)
    • Cookie policy (EU)
    • Disclaimer

TechWalls

Technology News | Gadget Reviews | Tutorials

  • Reviews
  • Tech News
  • Tech Guide
  • Gadget & Apps

Microsoft Word flaw used to spread BlackEnergy Trojan

Updated on Jan 30, 2016 by Guest Authors

Attackers believed to be residing in Russia have spread a Trojan file through spearphishing emails that contained malicious Microsoft Word documents, according to security researchers at Kaspersky Lab.

The malicious file allegedly originated from the offshoot of malware campaigns that were launched against Ukraine in 2013, and the Trojan called BlackEnergy will be executed by a script in the malicious Word document. It would be hard for unsuspecting users to detect the malicious nature of the document because it perfectly takes on the form of an ordinary Microsoft Word document.

blackenergy-trojan-1

The BlackEnergy Trojan is built to send information about your computer to a malicious command and control server run by the attackers. This not the first time, however, that hackers took advantage of a vulnerability in the Microsoft Office suite. Last year, Russian hackers also exploited Microsoft Excel and Powerpoint documents to launch their malware campaign.

Like those previous exploits that targeted institutions in Ukraine, the new Microsoft Word malware has been used to hit a television station in the country with  the use of a trick. Security researchers suspected that an employee or someone inside the TV station was lure into clicking a document sent via a spearphishing email. The attachment reportedly contained information about a political party in Ukraine as a pretext. In fact, the document contained the BlackEnergy Trojan.

Researchers that looked into the Microsoft Word document for analysis found the server that communicated with the file has limited IP connection, though the command and server connection is in the request field. This request field contained the name of a television station based in Kiev, which Russia annexed in 2014. Also last year, the TV network was reported to be a victim of attacks perpetrated through the BlackEnergy Wiper.

It is not impossible for the BlackEnergy group to shift their focus on Microsoft Word documents as the attack vector because they have attacked Ukraine in the past using other Microsoft Office tools, according to the researchers.

Worse, fresh reports had it that attacks launched through the BlackEnergy malware have now spread across the industrial control systems in Ukraine. The malware largely depends upon a flaw in Office 2013. It is quite dated now, so we can expect that patches for the flaw have been rolled out before. That means machines that did not receive the fix could have the malware executed in them remotely.

The Industrial Control System Cyber Emergency Response Team of the U.S. also reported having found the BlackEnergy in a number of companies including Siemens last year, suggesting the massive infection of the malware.

Disclosure: We might earn commission from qualifying purchases. The commission help keep the rest of my content free, so thank you!

Footer

VTOMAN FlashSpeed 1500 Portable Power Station Review

OpenRock S Review – Revolutionizing the World of Earbuds

KEF LS50 Bookshelf Speakers Review: A Sound Decision Over the LS50 Meta

ALLPOWERS SP033 200W Portable Solar Panel Review – Eco-Friendly Energy on the Go

Follow TechWalls

YoutubeFacebookTwitterInstagram

Recent Posts

  • VTOMAN FlashSpeed 1500 Portable Power Station Review
  • OpenRock S Review – Revolutionizing the World of Earbuds
  • AiDot OREiN & Linkind Matter Smart Light Bulb Review
  • OKP L1 Robot Vacuum Cleaner Review – Affordable Robot with LiDAR Navigation

Copyright © 2023 · All Rights Reserved

Manage Cookie Consent
We use technologies like cookies to store and/or access device information. We do this to improve browsing experience and to show personalized ads. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional cookies Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage {vendor_count} vendors Read more about these purposes
View preferences
{title} {title} {title}