Windows MSHTML 0-Day Exploited to Deploy Cobalt Strike Beacon in Targeted Attacks

In The Hacker News - Original news source is thehackernews.com by Blog Writer

Post Sharing
Microsoft on Wednesday disclosed details of a targeted phishing campaign that leveraged a now-patched zero-day flaw in its MSHTML platform using specially-crafted Office documents to deploy Cobalt Strike Beacon on compromised Windows systems.
“These attacks used the vulnerability, tracked as CVE-2021-40444, as part of an initial access campaign that distributed custom Cobalt Strike Beacon