• Latest
  • Trending
Windows zero-day exploited in US local govt phishing attacks

Windows zero-day exploited in US local govt phishing attacks

June 7, 2022
Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

July 29, 2025
French Telco Orange Hit by Cyber-Attack

French Telco Orange Hit by Cyber-Attack

July 29, 2025
ATC Ghana supports Girls-In-ICT Program

ATC Ghana supports Girls-In-ICT Program

April 25, 2023
Vice President Dr. Bawumia inaugurates  ICT Hub

Vice President Dr. Bawumia inaugurates ICT Hub

April 2, 2023
Co-Creation Hub’s edtech accelerator puts $15M towards African startups

Co-Creation Hub’s edtech accelerator puts $15M towards African startups

February 20, 2023
Data Leak Hits Thousands of NHS Workers

Data Leak Hits Thousands of NHS Workers

February 20, 2023
EU Cybersecurity Agency Warns Against Chinese APTs

EU Cybersecurity Agency Warns Against Chinese APTs

February 20, 2023
How Your Storage System Will Still Be Viable in 5 Years’ Time?

How Your Storage System Will Still Be Viable in 5 Years’ Time?

February 20, 2023
The Broken Promises From Cybersecurity Vendors

Cloud Infrastructure Used By WIP26 For Espionage Attacks on Telcos

February 20, 2023
Instagram and Facebook to get paid-for verification

Instagram and Facebook to get paid-for verification

February 20, 2023
YouTube CEO Susan Wojcicki steps down after nine years

YouTube CEO Susan Wojcicki steps down after nine years

February 20, 2023
Inaugural AfCFTA Conference on Women and Youth in Trade

Inaugural AfCFTA Conference on Women and Youth in Trade

September 6, 2022
  • Consumer Watch
  • Kids Page
  • Directory
  • Events
  • Reviews
Friday, 17 July, 2026
  • Login
itechnewsonline.com
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion
Subscription
Advertise
No Result
View All Result
itechnewsonline.com
No Result
View All Result

Windows zero-day exploited in US local govt phishing attacks

by ITECHNEWS
June 7, 2022
in Infosec, Leading Stories
0 0
0
Windows zero-day exploited in US local govt phishing attacks

European governments and US local governments were the targets of a phishing campaign using malicious Rich Text Format (RTF) documents designed to exploit a critical Windows zero-day vulnerability known as Follina.

BleepingComputer is aware of local governments in at least two US states that were targeted by this phishing campaign.

YOU MAY ALSO LIKE

French Telco Orange Hit by Cyber-Attack

ATC Ghana supports Girls-In-ICT Program

“Proofpoint blocked a suspected state aligned phishing campaign targeting less than 10 Proofpoint customers (European gov & local US gov) attempting to exploit Follina/CVE_2022_30190,” security researchers at enterprise security firm Proofpoint revealed.

The attackers used salary increase promises to bait employees to open the lure documents, which would deploy a Powershell script as the final payload.

This is used to check if the system is a virtual machine, steal information from multiple web browsers, mail clients, and file services, and collect system information that gets exfiltrated to an attacker-controlled server.

Phishing email
Phishing email (Proofpoint)

As BleepingComputer found while checking the final PowerShell payload of this attack, the threat actors are harvesting large amounts of info revealing this campaign’s reconnaissance attack nature since the collected data can be used for initial access:

  • Browser passwords: Google Chrome, Mozilla Firefox, Microsoft Edge, Opera, Yandex, Vivaldi, CentBrowser, Comodo, CheDot, Orbitum, Chromium, Slimjet, Xvast, Kinza, Iridium, CocCoc, and AVAST Browser.
  • Data from other apps: Mozilla Thunderbird, Netsarang session files, Windows Live Mail contacts, Filezilla passwords, ToDesk configuration file, WeChat, Oray SunLogin RemoteClient, MailMaster, ServU, Putty, FTP123, WinSCP, RAdmin, Microsoft Office, Navicat
  • Windows information: Computer information, list of usernames, Windows domain information

“While Proofpoint suspects this campaign to be by a state aligned actor based on both the extensive recon of the Powershell and tight concentration of targeting, we do not currently attribute it to a numbered TA,” the security researchers said.

PowerShell script
PowerShell script (BleepingComputer)

The security flaw exploited in these attacks is tracked as CVE-2022-30190 and was described by Redmond as a Microsoft Windows Support Diagnostic Tool (MSDT) remote code execution bug.

CVE-2022-30190 is still unpatched and it affects all Windows versions still receiving security updates (i.e., Windows 7+ and Server 2008+).

If successfully exploited, this zero-day can be used to execute arbitrary code with the privileges of the calling app to install programs, view, change, delete data, or create new Windows accounts.

Proofpoint also revealed last week that the China-linked TA413 hacking group is now exploiting the vulnerability in attacks targeting their favorite target, the international Tibetan community.

Security researcher MalwareHunterTeam also spotted malicious documents with Chinese filenames used to deploy password-stealing trojans.

However, the first attacks targeting this zero-day were spotted more than a month ago, using sextortion threats and invitations to Sputnik Radio interviews as baits.

While Microsoft is yet to release CVE-2022-30190 patches, CISA has urged Windows admins and users to disable the MSDT protocol abused in these attacks after Microsoft reported active exploitation of the bug in the wild.

Until Microsoft releases official security updates, you can patch your systems against these ongoing attacks using unofficial patches released by the 0patch micropatching service.

Source: Sergiu Gatlan
Via: bleepingcomputer
Tags: Windows zero-day exploited in US local govt phishing attacks
ShareTweet

Get real time update about this post categories directly on your device, subscribe now.

Unsubscribe

Search

No Result
View All Result

Recent News

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

July 29, 2025
French Telco Orange Hit by Cyber-Attack

French Telco Orange Hit by Cyber-Attack

July 29, 2025
ATC Ghana supports Girls-In-ICT Program

ATC Ghana supports Girls-In-ICT Program

April 25, 2023

About What We Do

itechnewsonline.com

We bring you the best Premium Tech News.

Recent News With Image

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

July 29, 2025
French Telco Orange Hit by Cyber-Attack

French Telco Orange Hit by Cyber-Attack

July 29, 2025

Recent News

  • Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa July 29, 2025
  • French Telco Orange Hit by Cyber-Attack July 29, 2025
  • ATC Ghana supports Girls-In-ICT Program April 25, 2023
  • Vice President Dr. Bawumia inaugurates ICT Hub April 2, 2023
  • Home
  • InfoSec
  • Opinion
  • Africa Tech
  • Data Storage

© Copyright 2026, All Rights Reserved | iTechNewsOnline.Com - Powered by BackUPDataSystems

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

No Result
View All Result
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion

© Copyright 2026, All Rights Reserved | iTechNewsOnline.Com - Powered by BackUPDataSystems

Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?
Go to mobile version