CVE-2017-0199
CVE-2017-0199 is a vulnerability in Microsoft Office that allows remote attackers
to execute arbitrary code via a crafted document. In 2020, a campaign attributed to
North Korea, targeting American and European defense and aerospace industries, was
spotted abusing CVE-2017-0199. [30] Like CVE-2017-11882 mentioned above,
CVE-2017-0199 is also one of the Top Ten flaws exploited by nation-state actors
from China, North Korea, Russia and Iran.
Among nation-state groups spotted exploiting this CVE:
1. The Chinese TA459 group. [31] According to researchers, they targeted major
financial firms.
2. The Gaza Cybergang group. [32] The group abused this CVE in attacks against
government, and oil and gas organizations in the Middle East.
3. The Iranian APT 34 (aka OilRig). [33] They abused this CVE while targeting
multiple Israeli organizations.
In addition, both flaws were sometimes detected being abused in the same campaigns,
such as the phishing campaign that targeted Ukrainian users in 2018. [34]
30. https://www.sentinelone.com/blog/the-blindingcan-rat-and-malicious-north-korean-activity/
31. https://securityaffairs.co/wordpress/58692/apt/ta459-apt-targets-financial-firms.html
32. https://securelist.com/gaza-cybergang-updated-2017-activity/82765/
33. https://www.securityweek.com/iranian-cyberspies-exploit-recently-patched-office-flaw;
    https://securelist.com/apt-trends-report-q2-2017/79332/
34. https://www.zdnet.com/article/hacking-campaign-uses-old-microsoft-office-flaws-to-create-backdoors-steal-files/
10 Vulnerability Threat Intelligence Report