Kaspersky Lab's Automatic Exploit Prevention technology, embedded in most of the company's endpoint solutions, has detected a series of targeted cyber-attacks. The attacks used a new piece of malware that exploited a previously unknown zero-day vulnerability in the Microsoft Windows operating system. The attackers' intention was to gain persistent access to victim systems in the Middle East. Microsoft patched the vulnerability on 9 October.
An attack via a zero-day vulnerability is one of the most dangerous forms of cyberthreat, because it exploits a flaw that the vendor does not yet know about and has therefore not yet fixed, so no patch is available to defenders at the time of the attack. A threat actor who finds such a vulnerability can turn it into an exploit that gives the attacker control of the whole system. This attack scenario is widely used by sophisticated actors in APT attacks, and it was used here.
The discovered Microsoft Windows exploit was delivered to the victims via a PowerShell backdoor. It was then executed to obtain the privileges needed to establish persistence on the victim systems. The malware code was of high quality and was written to exploit as many different Windows builds as possible reliably.
The cyber-attacks targeted fewer than a dozen organizations in the Middle East during the late summer. It is suspected that the actor behind the attack could be related to the FruityArmor group, since a PowerShell backdoor of this kind has previously been used exclusively by that threat actor. Upon discovery, Kaspersky Lab's experts immediately reported the vulnerability to Microsoft.
Kaspersky Lab products detected this exploit proactively through the following technologies:
“When it comes to zero-day vulnerabilities, it is critical to actively monitor the threat landscape for new exploits. At Kaspersky Lab, our constant threat intelligence research aims not only to find new attacks and establish the targets of different cyberthreat actors; we are also intent on learning what malicious technologies these criminals use. As a result of our research, we have a foundation layer of detection technologies which let us prevent attacks, such as the one that intended to use this vulnerability,” said Anton Ivanov, security expert at Kaspersky Lab.
To avoid zero-day exploits Kaspersky Lab recommends implementing the following technical measures:
Find more details on Securelist.com
The full report is available to our customers via the Kaspersky Lab APT Intelligence Reporting service.
About Kaspersky Lab
Kaspersky Lab is a global cybersecurity company that has been operating in the market for over 20 years. Kaspersky Lab's deep threat intelligence and security expertise are constantly being transformed into next-generation security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company's comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky Lab technologies, and we help 270,000 corporate clients protect what matters most to them.