New Targeted Attack in the Middle East by APT34, a Suspected Iranian
Threat Group, Using CVE-2017-11882 Exploit

Less than a week after Microsoft issued a patch for CVE-2017-11882
on Nov. 14, 2017, FireEye observed an attacker using an exploit for
the Microsoft Office vulnerability to target a government organization
in the Middle East. We assess this activity was carried out by a
suspected Iranian cyber espionage threat group, whom we refer to as
APT34, using a custom PowerShell backdoor to achieve its objectives.
We believe APT34 is involved in a long-term cyber espionage
operation largely focused on reconnaissance efforts to benefit Iranian
nation-state interests and has been operationa...