Threat Actor: Unknown | Unknown
Victim: Microsoft Outlook | Microsoft Outlook
Price: $300,000
Exfiltrated Data Type: Not specified
Additional Information:
- The threat actor claims to possess a zero-day exploit for Remote Code Execution (RCE) in Microsoft Outlook.
- The exploit is said to bypass security measures across all versions of Microsoft Outlook.
- The buyer will receive exclusive rights, the source code of the exploit, and documentation explaining how it works.
- Exclusive rights may allow the buyer to use the exploit without competition or risk from others.
- The source code and documentation provide transparency and customization opportunities for the buyer.
- The threat actor demands transactions to occur through an escrow for security and trust.
A threat actor alleging to possess a zero-day exploit allowing for Remote Code Execution (RCE) in Microsoft Outlook and trying to sell it on a hacking forum. According to the actor, this zero-day exploit bypasses security measures across all versions of the popular email client.
According to the post, the buyer will get exclusive rights, the source code of the exploit, and documentation that details how the exploit works. While exclusive rights are not explained further, this might mean they will have the freedom to leverage it without competition or the risk of others. The source code and the documentation will also provide transparency and customization opportunities for the buyer. With access to it, they can analyze its inner workings, make modifications, and potentially discover further vulnerabilities or improvements.
For the whole package, the threat actor asks for $300,000, and they demand transactions to occur only through an escrow to ensure both parties’ security and trust during the exchange.
Original Source: https://dailydarkweb.net/threat-actor-allegedly-selling-zero-day-targeting-microsoft-outlook-offering-exclusive-access-and-source-code-of-the-exploit/