Quick Heal Security Labs

Malspam Campaign using CVE-2017-0199 Targets Manufacturing, Pharmaceutical, and other important Industries

August 31, 2017
  • 4
Estimated reading time: 2 minutes

Quick Heal Security Labs has come across various email campaigns that are actively exploiting the famous vulnerability CVE-2017-0199 in their bid to target prominent private industries in India. CVE-2017-0199 was a zero-day vulnerability reported in April 2017 by two different security firms. Almost all of the MS Office versions were affected by it. Microsoft had issued a patch for this vulnerability on 11th April 2017. As usual, many attackers started exploiting this vulnerability in their spam campaigns.  The following is an analysis of this campaign by Quick Heal Security Labs.

Attack chain

Fig 1

Fig 1

Targeted organizations
The below figure represents the statistics of organizations targeted by the malicious campaign.

Fig 2

The manufacturing sector seems to be the most favored target followed by pharmaceuticals, exports, and hotels.

Download the PDF report below to go through a detailed technical analysis of the campaign




Subject Matter Experts

  • Pawan Chaudhari, Aniruddha Dolas | Quick Heal Security Labs
  • 4

Have something to add to this story? Share it in the comments.

Quick Heal Security Labs
About Quick Heal Security Labs
Quick Heal Security Labs is a leading source of threat research, threat intelligence, and cybersecurity. It analyzes data fetched from millions of Quick Heal...
Articles by Quick Heal Security Labs »

No Comments, Be The First!

Your email address will not be published.