Follina vulnerability exploited in Russian attacks against Ukraine
Ukrainian media organizations have been targeted since April by Russian cyberattacks exploiting the Microsoft Windows Support Diagnostic Tool remote code execution flaw, dubbed "Follina" and tracked as CVE-2022-30190, BleepingComputer reports.
Ukraine's Computer Emergency Response Team (CERT-UA) suspects the Russian hacking group Sandworm is behind the malicious email campaign, which used Follina in an attempt to compromise more than 500 media organization recipients. The emails carry the subject line "LIST of links to interactive maps" and a similarly named .DOCX file as an attachment.
CERT-UA said that opening the file triggers execution of JavaScript code that retrieves a "malicious CrescentImp" payload. Although the advisory includes indicators of compromise, CERT-UA has yet to identify CrescentImp's malware family or functionality. Sandworm has routinely targeted Ukraine over the past few years, but the group's attacks have increased significantly since Russia's invasion.
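As an added defender-side example, not code from the article or from the CERT-UA advisory: a scanner for the document-level indicator that Follina (CVE-2022-30190) lures carry, an OLE relationship inside the .docx whose target is an external URL (the remote page's JavaScript is what then invokes the ms-msdt: protocol handler). The sample documents are constructed by build_sample_docx for the demonstration; the URL in them is a documentation address, not an indicator from the advisory.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

# A .docx is a zip of XML parts. Follina lures carry, in word/_rels/document.xml.rels,
# an oleObject relationship with TargetMode="External" pointing at an attacker-hosted
# HTML page; the page's JavaScript invokes the ms-msdt: handler. Both indicators are
# visible offline, so a mail gateway or triage script can flag them before the file opens.

REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
OLE_TYPE = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject"
MSDT_URI = re.compile(r"ms-msdt:", re.IGNORECASE)


def scan_docx(data):
    """Return a list of human-readable findings for the .docx bytes given."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            if name.endswith(".rels"):
                root = ET.fromstring(zf.read(name))
                for rel in root.iter(f"{{{REL_NS}}}Relationship"):
                    target = rel.get("Target", "")
                    # benign documents embed OLE objects internally; an external one is the lure
                    if rel.get("Type") == OLE_TYPE and rel.get("TargetMode") == "External":
                        findings.append(f"{name}: external OLE object -> {target}")
                    if MSDT_URI.search(target):
                        findings.append(f"{name}: ms-msdt: URI -> {target}")
            elif name.endswith((".xml", ".htm", ".html")) and MSDT_URI.search(
                zf.read(name).decode("utf-8", "ignore")
            ):
                findings.append(f"{name}: ms-msdt: URI in part body")
    return findings


def build_sample_docx(target, mode):
    """Constructed minimal .docx (not a real lure) with a single OLE relationship."""
    rels = (
        f'<Relationships xmlns="{REL_NS}">'
        f'<Relationship Id="rId1" Type="{OLE_TYPE}" Target="{target}" TargetMode="{mode}"/>'
        "</Relationships>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<document/>")
        zf.writestr("word/_rels/document.xml.rels", rels)
    return buf.getvalue()
```

Run scan_docx over every attachment extracted from the mail flow; an external oleObject relationship alone is enough to quarantine for analysis, whatever the referenced page contains.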