
APT41 - HOODOO, Wicked Panda

Affects:

Microsoft 365

Severity:

HIGH

Productivity Impact:

VERY LOW

Fix Estimate:

2-3 minutes

Automatically protected by:

PREMIUM

Research:

Summary:

APT41 sent spearphishing emails with attachments such as compiled HTML (.chm) files to initially compromise their victims.

Remediation details

Disable .CHM files as Email Attachments


  1. Navigate to https://security.microsoft.com/

  2. Click on Policies & Rules

  3. Select Threat Policies

  4. Select Anti-malware

  5. Click Edit Protection Settings

  6. Ensure common attachment filter is enabled

  7. Click Select file type

  8. Add .CHM
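
The same change can be made from Exchange Online PowerShell instead of the portal. The script below is an added example, not part of the original guide; it assumes the ExchangeOnlineManagement module is installed and that the signed-in account is allowed to edit anti-malware policies.

```powershell
# Added example: check every anti-malware policy and make sure the common
# attachment filter is on and blocks .chm, keeping the types already blocked.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline            # interactive sign-in

$blockType = 'chm'                # extension from step 8, without the dot

foreach ($policy in Get-MalwareFilterPolicy) {
    # Copy the current list, dropping any null entries from an empty policy.
    $types   = @($policy.FileTypes | Where-Object { $_ })
    $hasType = $types -contains $blockType     # -contains ignores case

    if ($policy.EnableFileFilter -and $hasType) {
        Write-Host "[OK]  $($policy.Name): filter enabled, .$blockType blocked"
        continue
    }

    Write-Host "[FIX] $($policy.Name): EnableFileFilter=$($policy.EnableFileFilter), .$blockType present=$hasType"
    if (-not $hasType) { $types += $blockType }

    # Write back the full list so existing blocked types are preserved.
    Set-MalwareFilterPolicy -Identity $policy.Identity `
        -EnableFileFilter $true -FileTypes $types
}

# Verify: each policy should show EnableFileFilter = True and BlocksChm = True.
Get-MalwareFilterPolicy |
    Select-Object Name, EnableFileFilter,
        @{ n = 'BlocksChm'; e = { $_.FileTypes -contains $blockType } }

Disconnect-ExchangeOnline -Confirm:$false
```

Adding `-WhatIf` to the `Set-MalwareFilterPolicy` call previews the change without applying it.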





In addition to the above, there is a more detailed guide here: https://activedirectorypro.com/block-dangerous-file-attachments-in-exchange-online/

