One of the vulnerabilities patched by Microsoft Tuesday has been exploited by a Chinese cyberespionage group since at least August. The attack campaigns targeted IT companies, defense contractors and diplomatic entities.

According to researchers from Kaspersky Lab, the malware deployed with the exploit and its command-and-control infrastructure point to a connection with a known Chinese APT group tracked as IronHusky that has been operating since 2017, but also with other China-based APT activity going back to 2012.

Privilege escalation vulnerability in Windows GDI driver

The group was observed leveraging a previously unknown vulnerability in Win32k.sys, a system driver that’s part of the Windows Graphics Device Interface (GDI), which has been a common source of vulnerabilities in the past. The flaw, tracked as CVE-2021-40449, affects all supported Windows versions and those that are no longer supported and allows code to be executed with system privileges. Since this is a privilege escalation vulnerability, it is only used to gain complete control of the targeted systems but is not the original method of entry.

The exploit used in the attacks borrows code from a public exploit for another Win32k vulnerability patched in 2016 (CVE-2016-3309). Despite the exploit being written to support all versions of Windows since Vista, the Kaspersky researchers only saw it being used on Windows servers.