Several cybergangs are using a patched vulnerability (CVE-2015-2545) in Microsoft Office to attack computers that have not installed the patch.
Kaspersky Labs has found that at least four criminal organizations, TwoForOne (also known as Platinum), EvilPost, APT16 and Danti, are using the vulnerability to attack companies and countries in Southwest Asia. The Danti group may have already used the exploit against the Indian government's internal network, Kaspersky said.
The vulnerability was discovered in August 2015 and patched the following month with Microsoft update MS15-099. Left unpatched, the issue allows an attacker to execute arbitrary code using a specially crafted Encapsulated PostScript (EPS) file.
The latest large-scale attack took place in February and March 2016 and used spearphishing emails with an attached DOCX document containing a malicious EPS file that exploited CVE-2015-2545. When downloaded, the malware creates a backdoor, giving the criminals full access to the system.
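Because the delivery vehicle described above is a DOCX attachment carrying an EPS image, mail and endpoint triage can flag Office documents that embed EPS content at all. The following is an added example, not code from Kaspersky or from this article; it only reports the presence of EPS parts (by extension or file header), not exploitation, and the sample document it builds is constructed for the demonstration.

```python
import io
import zipfile

EPS_TEXT_MAGIC = b"%!PS-Adobe"          # ASCII PostScript/EPS header
EPS_BINARY_MAGIC = b"\xc5\xd0\xd3\xc6"  # DOS-style binary EPS header
EPS_EXTENSIONS = (".eps", ".epsf", ".ps")


def find_eps_parts(docx_bytes):
    """Return names of ZIP members in a DOCX that look like EPS images."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Read only the header so large members are never fully inflated.
            with zf.open(info) as fh:
                head = fh.read(16)
            by_name = info.filename.lower().endswith(EPS_EXTENSIONS)
            by_magic = head.startswith((EPS_TEXT_MAGIC, EPS_BINARY_MAGIC))
            if by_name or by_magic:
                hits.append(info.filename)
    return hits


def build_sample(with_eps):
    """Constructed sample: a minimal DOCX-like ZIP, optionally with an EPS part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_eps:
            # Harmless EPS header stored under a misleading .png name,
            # so the header check (not the extension) has to catch it.
            zf.writestr("word/media/image1.png",
                        b"%!PS-Adobe-3.0 EPSF-3.0\n%%BoundingBox: 0 0 1 1\n")
    return buf.getvalue()


if __name__ == "__main__":
    for label, sample in (("with EPS", build_sample(True)),
                          ("without EPS", build_sample(False))):
        print(label, "->", find_eps_parts(sample))
```

A hit is a reason to quarantine or inspect the attachment and to confirm that MS15-099 is installed on the recipient's machine.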