BleepingComputer reports that Ukrainian organizations have been subjected to suspected Russian cyberattacks involving the newly fixed Windows NTLM Hash Disclosure spoofing flaw, tracked as CVE-2024-43451, since June.
Such intrusions, which Ukraine's Computer Emergency Response Team associated with the Russian threat operation UAC-0194, commenced with the delivery of phishing emails with a URL file, which, when interacted with, exploits the vulnerability to facilitate installation of additional payloads, including the open-source trojan SparkRAT, an analysis from ClearSky researchers showed. Additional findings revealed the exploitation of the Server Message Block protocol to enable attempted NTLM hash exfiltration.
Ongoing attacks leveraging the bug, which Microsoft addressed as part of this month's Patch Tuesday, have prompted its inclusion in the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog, with federal agencies urged to remediate impacted instances, which include all supported Windows iterations, by Dec. 3.
Newly patched Windows zero-day leveraged to attack Ukraine