You are here

Cyber Resilience – How to Block Microsoft OneNote Files from Delivering Malware

Cyber Resilience – How to Block Microsoft OneNote Files from Delivering Malware

Created: Tuesday, March 7, 2023 - 15:09
Categories:
Cybersecurity, Security Preparedness

Since mid-December 2022, threat actors have been increasingly exploiting Microsoft OneNote files to deliver malware and compromise victims. Last week, WaterISAC shared a DHS report on attackers successfully utilizing weaponized Microsoft OneNote files for malware distribution. Threat actors, including ransomware gangs, are actively using this delivery method to infect organizations. Specifically, threat actors behind the QakBot campaigns successfully used this tactic to compromise an organization and infect its network with BlackBasta ransomware. To help organizations proactively defend against this activity, BleepingComputer posted comprehensive guidance on how to block malicious Microsoft OneNote files. Read more detailed guidance on blocking Microsoft OneNote at BleepingComputer.

Additional WaterISAC Reporting on the OneNote infection vector and/or Qakbot/Qbot: