world exit download Cross icon Menu icon

A new version of the Zyklon Malware has been identified in the wild and is actively targeting the Telecommunications, Insurance, and Financial industries. This malware exploits three recent vulnerabilities in Windows Office and has been distributed via phishing campaigns. The Zyklon Malware has a wide variety of capabilities including using infected machines to launch DDOS attacks, stealing credentials through popular browsers and email applications, downloading and executing plugins, replacing bitcoin addresses found in clipboard and tunneling the threat actor’s traffic through the infected machines. According to external sources, the malware is being sold on the dark web for roughly $100. The wide list of capabilities and easy availability of Zyklon makes it highly probable that threat actors will continue employing this malware and pivot to additional industries.

 

What we’re doing about it

  • esNETWORKTM rules have been updated for this threat.
  • Malicious hashes have been blocked via esENDPOINTTM.
  • Known malicious IP addresses have been blocked and added to eSentire’s Global Black List.

 

What you should do about it

  • Keep Microsoft Office patches up to date.
  • Always use caution after receiving a suspicious email.
  • Ensure users are well informed about current threats through awareness programs and training.

 

Additional information

Zyklon Malware exploits the following Microsoft Office vulnerabilities: CVE-2017-8759 [1], CVE-2017-11882 [2] and the DDE Exploit [3].

[1] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8759

[2] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11882

[3] https://technet.microsoft.com/en-us/library/security/4053440.aspx

See the latest security advisories

Articles and reports written by eSentire staff and our Threat Intelligence Research Group.

Ready to get started?
We're here to help.

Get Started
Reach out to schedule a meeting and learn more about our Managed Detection and Response, Risk Advisory, and Managed Prevention capabilities.