Operation WordDrone: Hackers Exploit Microsoft Word 2010 Flaw to Target Taiwan’s Drone Industry
Cybersecurity firm Acronis has uncovered a sophisticated cyber campaign, Operation WordDrone, targeting Taiwan’s expanding drone manufacturing sector. Attackers exploited a long-standing vulnerability in Microsoft Word 2010, using a DLL side-loading technique to deploy malware through seemingly legitimate Word installations.
Once inside a system, the malware installed a backdoor, enabling threat actors to steal credentials, move laterally across networks, and execute remote commands. The attack evaded traditional antivirus detection, complicating mitigation efforts.
The campaign’s focus on Taiwan’s drone industry is particularly concerning. Since the government ramped up investments in military-grade UAVs in 2022, the sector has become a prime target for cyber espionage. The command-and-control (C2) infrastructure was traced to Taiwanese servers, suggesting a deliberate strike against the nation’s defense and technological capabilities.
This incident highlights how outdated software vulnerabilities can be repurposed in modern, high-stakes cyberattacks, posing a growing risk to critical industries amid rising geopolitical tensions.
Source: https://betanews.com/article/operation-worddrone-taiwan-drone-cyberattack/
HJUAVS 航見科技(HANG-JIAN TECH CO., LTD ) cybersecurity rating report: https://www.rankiteo.com/company/hjuav
"id": "HJU1768665139",
"linkid": "hjuav",
"type": "Cyber Attack",
"date": "6/2010",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of geographical region"{'affected_entities': [{'industry': 'Defense, Technology (UAVs)',
'location': 'Taiwan',
'type': 'Drone manufacturing companies'}],
'attack_vector': 'DLL side-loading via Microsoft Word 2010',
'data_breach': {'sensitivity_of_data': 'High (military-grade UAV sector)',
'type_of_data_compromised': 'Credentials, network access'},
'description': 'Cybersecurity firm Acronis has uncovered a sophisticated '
'cyber campaign, *Operation WordDrone*, targeting Taiwan’s '
'expanding drone manufacturing sector. Attackers exploited a '
'long-standing vulnerability in Microsoft Word 2010, using a '
'DLL side-loading technique to deploy malware through '
'seemingly legitimate Word installations. Once inside a '
'system, the malware installed a backdoor, enabling threat '
'actors to steal credentials, move laterally across networks, '
'and execute remote commands. The attack evaded traditional '
'antivirus detection, complicating mitigation efforts. The '
'campaign’s focus on Taiwan’s drone industry is particularly '
"concerning due to the government's investments in "
'military-grade UAVs since 2022, making the sector a prime '
'target for cyber espionage. The command-and-control (C2) '
'infrastructure was traced to Taiwanese servers, suggesting a '
'deliberate strike against the nation’s defense and '
'technological capabilities.',
'impact': {'data_compromised': 'Credentials, network access, remote command '
'execution',
'operational_impact': 'Lateral movement across networks, backdoor '
'installation'},
'initial_access_broker': {'backdoors_established': 'Yes',
'entry_point': 'Microsoft Word 2010 vulnerability '
'(DLL side-loading)',
'high_value_targets': 'Taiwan’s drone industry '
'(military-grade UAVs)'},
'lessons_learned': 'Outdated software vulnerabilities can be repurposed in '
'modern, high-stakes cyberattacks, posing risks to '
'critical industries amid geopolitical tensions.',
'motivation': 'Cyber espionage, geopolitical tensions',
'post_incident_analysis': {'root_causes': 'Exploitation of unpatched '
'Microsoft Word 2010 vulnerability, '
'DLL side-loading technique'},
'references': [{'source': 'Acronis'}],
'response': {'third_party_assistance': 'Acronis'},
'title': 'Operation WordDrone: Hackers Exploit Microsoft Word 2010 Flaw to '
'Target Taiwan’s Drone Industry',
'type': 'Cyber Espionage',
'vulnerability_exploited': 'Microsoft Word 2010 vulnerability'}