Organizations attending this week's NATO Summit were reported by Microsoft's Threat Intelligence team to be targeted by Russian cybercrime operation Storm-0978, also known as RomCom, in new attacks leveraging an unpatched zero-day in various Windows and Office offerings, tracked as CVE-2023-36884, BleepingComputer reports.
Attacks exploiting the flaw, which could result in remote code execution, commenced last month, a report from Microsoft showed.
The findings come after separate reports from Ukraine's Computer Emergency Response Team and BlackBerry's Research & Intelligence Team detailed intrusions involving the impersonation of the Ukrainian World Congress to facilitate the deployment of RomCom and the MagicSpell loader. Microsoft noted that organizations using Defender for Office and those that have enabled the "Block all Office applications from creating child processes" Attack Surface Reduction rule are protected from attacks using the flaw, while those without these defenses were advised to add certain application names to a registry key while waiting for official patches.