From thehackernews.com
![Microsoft Office Zero-Day Vulnerability](https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEiUNLbMQKFGJkk_0MuvTZUsbdZk7Mwzi1ubRnWBoCLxeBkICJ8W6xX9SHPsYas7bLDtqj4wO1lZsmsxuPuAxkocOzNUvBMbOmM2yJIGg2t7CnMv5yAaUiSHpTbdt9nsHappGPYR_oG1nild6RLvcMvaILplweROkw7HFZp7QvCAE_V31Ku-G5wnnnZq/s728-e1000/office.jpg)
An advanced persistent threat (APT) actor aligned with Chinese state interests has been observed weaponizing the new zero-day flaw in Microsoft Office to achieve code execution on affected systems.
“TA413 CN APT spotted [in-the-wild] exploiting the Follina zero-day using URLs to deliver ZIP archives which contain Word Documents that use the technique,” enterprise security firm Proofpoint said in a tweet.
“Campaigns impersonate the ‘Women Empowerments Desk’ of the Central Tibetan Administration and use the domain tibet-gov.web[.]app.”
TA413 is best known for its campaigns aimed at the Tibetan diaspora to deliver implants such as Exile RAT and Sepulcher as well as a rogue Firefox browser extension dubbed FriarFox.