Taiwanese government hacked through Microsoft Word vulnerability

Failure to patch reaps rewards for hackers.

A group of hackers has managed to exploit a vulnerability in Microsoft Word to target government and educational institutes in Taiwan.

Microsoft had recently issued a security advisory regarding a serious vulnerability in its Word software and had immediately released a "fix-it" patch to protect users from attacks using the exploit. However, as with most updates, the users and institutions who failed to update their software and systems in a timely manner risked becoming victims of attacks from hackers.

Now, a major hacking operation known as "Taidoor", carried out against the Taiwanese government and educational institutes, has successfully exploited the Microsoft Word vulnerability, which was left unpatched on the target machines. The hackers used malicious email attachments with relevant titles, such as national polls and free trade issues, to dupe employees into opening the content. The files downloaded to the computers are believed to be capable of stealing sensitive data and carrying out surveillance.

In the past, the "Taidoor" campaigners have used zero-day flaws in Microsoft's Internet Explorer browser for similar attacks. The operation has been active since 2009 and has followed a similar pattern throughout: exploiting vulnerabilities, using social engineering, and choosing targets that include government agencies.

The attack has once again shed light on the importance of installing updates and running the latest available versions of system software in situations where continuous unattended network interaction takes place.

Source: Tech Week | Image via Brink's Checkout


12 Comments

Max Norris said,
Unpatched systems.. not following safe computing habits.. zero sympathy.

Probably still running XP and Office '98

Wow, I guess IT guys really suck in Taiwan if they fell for that old trick with fake email! Even I would never open strange emails, especially attachments.

Fire these guys and hire smart ones :D

This has nothing to do with IT guys. Anyone can send a simple email with a link to anybody, this will not get automatically flagged. The recipient just needs to be smart enough not to click on every link from unexpected emails.

Odom said,
The recipient just needs to be smart enough not to click on every link from unexpected emails.

No joke, this was supposed to be drilled into memory since what, the 90's? Even my 8 year old daughter knows better.. sad to see people still fall so easily to such a simple trick.

Shadowzz said,
In all fairness it hasn't even been a month. In most environments it takes weeks to publish patches and updates.

And end users never learn.

"ZOMG I just won the lottery, all I need to do is run this executable to claim it!!"
