BleepingComputer reports that Ukrainian organizations have been subjected to suspected Russian cyberattacks involving the newly fixed Windows NTLM Hash Disclosure spoofing flaw, tracked as CVE-2024-43451, since June.
Such intrusions, which Ukraine's Computer Emergency Response Team associated with the Russian threat operation UAC-0194, commenced with the delivery of phishing emails with a URL file, which when interacted exploits the vulnerability to facilitate installation of additional payloads, including the open-source trojan SparkRAT, an analysis from ClearSky researchers showed. Additional findings revealed the exploitation of the Server Message Block protocol to enable attempted NTLM hash exfiltration. Ongoing attacks leveraging the bug, which has been addressed by Microsoft as part of this month's Patch Tuesday, have prompted its inclusion in the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog, with federal agencies urged to remediate impacted instances that include all supported Windows iterations by Dec. 3.
