VERY IMPORTANT

Fidelis Cybersecurity analysis has identified unrelated cyber criminal activity leveraging the vulnerability cited in CVE-2014-4114, which was initially exploited by advanced persistent threat (APT) actors in October 2014. Notably, some of this recent activity demonstrated actors implementing a technique that bypassed antivirus detection by saving a PowerPoint document in which malware executed once the document was opened in Slide Show presentation format. The identification of cyber crime actors, particularly Nigerian 419 scam operators, attempting to exploit CVE-2014-4114 demonstrates how quickly cyber criminals are trying to exploit a vulnerability previously associated with espionage actors, using similar tactics, techniques, and procedures (TTP) to maximize their chances of success, with additional innovation as seen with these samples.