Kaspersky has discovered a new zero-day exploit for Windows OS: MysterySnail. He uses vulnerabilities for espionage campaigns against IT companies, military and defense organizations and diplomatic institutions.
Kaspersky experts have discovered a new zero-day exploit. “MysterySnail” was identified during analysis of a series of privilege elevation attacks on Microsoft Windows servers; previously, the automated detection technologies had caught the attacks.
Increased zero-day attacks
In the first half of the year, Kaspersky experts observed an increase in zero-day attacks. Unknown software errors that have already been discovered by attackers, but of which the provider is not yet aware, are exploited. As a result, no patch is available and the likelihood of a successful attack increases.
Kaspersky technologies detected a number of attacks that used an elevation privilege exploit on Microsoft Windows servers. This exploit had many debug strings from an older, publicly known exploit for the CVE-2016-3309 vulnerability, but closer analysis revealed that it was a new zero-day. Kaspersky researchers named this cluster of activities MysterySnail.
Suspicion falls on the IronHusky group
Due to the discovered code similarity and the reuse of the command and control (C&C) infrastructure, the Kaspersky experts link these attacks to the notorious IronHusky group and Chinese-language APT activities from 2012.
When analyzing the malware payload used in the zero-day exploit, Kaspersky found that variants of this malware were used in widespread espionage campaigns against IT companies, military and defense companies, and diplomatic institutions.
The vulnerability was reported to Microsoft and patched on October 12, 2021 as part of the October Patch Tuesdays. Kaspersky products detect and protect against the exploit for the above-mentioned vulnerability and the associated malware modules.
More at Kaspersky.com
About Kaspersky Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise serve as the basis for innovative security solutions and services to protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250.000 corporate customers. More information about Kaspersky can be found at www.kaspersky.com/