Tech News
Chinese cyber attack sparks alert over six year old MS vuln
The Cybersecurity and Infrastructure Security Agency (CISA) in the United States has recently added a Microsoft vulnerability from 2018 to its Known Exploited Vulnerabilities (KEV) catalogue. This decision was made after evidence surfaced indicating that the China-backed APT41 advanced persistent threat group is using this vulnerability in their attack chain.
The vulnerability, known as CVE-2018-0824, was initially addressed by Microsoft in the May 2018 Patch Tuesday update. It is a remote code execution (RCE) flaw in Microsoft COM for Windows, resulting from a failure to properly handle serialized objects.
To successfully exploit this vulnerability, an attacker must persuade an at-risk end-user to open and run a specially-crafted file or script. This could be achieved through methods such as phishing attacks or luring them to a compromised website.
While Microsoft stated in 2018 that the vulnerability was not publicly disclosed or known to be exploited, recent findings by Cisco’s Talos threat research unit revealed that APT41 utilized CVE-2018-0824 in a malicious campaign targeting a government-affiliated research institute in Taiwan.
As part of this attack, APT41 utilized tools such as ShadowPad malware, Cobalt Strike, and a custom loader to inject a PoC malware called UnmarshalPwn into memory. This allowed them to elevate their privileges within the victim’s systems.
The Talos team believes that APT41 may have used similar attack chains in other campaigns as well. They hope that by sharing this information, the cybersecurity community can collaborate to investigate further.
CISA’s KEV catalogue is primarily aimed at ensuring prompt and effective patching within US federal government agencies. Organizations are expected to implement these patches within a specific timeframe, including the CVE-2018-0824 vulnerability by 26 August 2024.
It is essential for all organizations to be aware of this exploited vulnerability and address it promptly. For more information on the attack chain and analysis of the tools used in the Taiwanese victim’s case, refer to Cisco Talos.
-
Destination3 months ago
Singapore Airlines CEO set to join board of Air India, BA News, BA
-
Tech News7 months ago
Bangladeshi police agents accused of selling citizens’ personal information on Telegram
-
Motivation6 months ago
The Top 20 Motivational Instagram Accounts to Follow (2024)
-
Guides & Tips5 months ago
Have Unlimited Korean Food at MANY Unlimited Topokki!
-
Guides & Tips5 months ago
Satisfy Your Meat and BBQ Cravings While in Texas
-
Gaming4 months ago
The Criterion Collection announces November 2024 releases, Seven Samurai 4K and more
-
Self Development7 months ago
Don’t Waste Your Time in Anger, Regrets, Worries and Grudges
-
Toys6 months ago
15 of the Best Trike & Tricycles Mums Recommend