Named FudModule, the previously undocumented malware achieves its goals via multiple methods "either not known before or familiar only to specialized security researchers and (anti-)cheat developers," according to ESET.ĭiscover the Hidden Dangers of Third-Party SaaS AppsĪre you aware of the risks associated with third-party app access to your company's SaaS apps? Join our webinar to learn about the types of permissions being granted and how to minimize risk. "This tool, in combination with the vulnerability, disables the monitoring of all security solutions on compromised machines."
" represents the first recorded abuse of the CVE‑2021‑21551 vulnerability," Kálnai noted.
The issue, tracked as CVE-2021-21551, relates to a set of critical privilege escalation vulnerabilities in dbutil_2_3.sys. The intrusions also paved the way for the group's backdoor of choice dubbed BLINDINGCAN – also known as AIRDRY and ZetaNile – which an operator can use to control and explore compromised systems.īut what's notable about the 2021 attacks was a rootkit module that exploited a Dell driver flaw to gain the ability to read and write kernel memory. Attack chains unfolded upon the opening of the lure documents, leading to the distribution of malicious droppers that were trojanized versions of open source projects, corroborating recent reports from Google's Mandiant and Microsoft.ĮSET said it uncovered evidence of Lazarus dropping weaponized versions of FingerText and sslSniffer, a component of the wolfSSL library, in addition to HTTPS-based downloaders and uploaders.
0 kommentar(er)
