China govt-backed hackers exploiting new Microsoft Office bug

China government-backed hackers, previously observed targeting the Tibetan government-in-exile based in Dharamshala, are actively exploiting a bug in Microsoft Office to steal and delete users’ data.
According to cyber-security firm Proofpoint, the newly-discovered vulnerability titled ‘Follina’ in Microsoft Office is being exploited by advanced persistent threat (APT) group ‘TA413’ linked to the Chinese government.
“TA413 CN APT spotted ITW exploiting the #Follina #0Day using URLs to deliver Zip Archives which contain Word Documents that use the technique. Campaigns impersonate the “Women Empowerments Desk” of the Central Tibetan Administration,” Proofpoint said in a tweet.
Chinese hackers have a long history of using software security flaws to target Tibetans.
Microsoft has acknowledged the vulnerability, officially titled CVE-2022-30190 regarding the Microsoft Support Diagnostic Tool (MSDT) in Windows vulnerability, but was yet to issue a security patch.