MysterySnail: Kaspersky finds zero-day exploit for Windows OS
14 October 2021
In late summer 2021, Kaspersky’s automated detection technologies prevented a series of attacks using an elevation of privilege exploit on multiple Microsoft Windows servers. Upon closer analysis into the attack, Kaspersky researchers discovered a new zero-day exploit.
Throughout the first half of the year, Kaspersky experts observed an increase in attacks exploiting zero-days. A zero-day vulnerability is a previously unknown software bug that attackers discover before the vendor becomes aware of it. Because the vendor is unaware, no patch exists for a zero-day vulnerability, so attacks exploiting it are likely to succeed without warning.
Kaspersky technologies detected a series of attacks using an elevation of privilege exploit on multiple Microsoft Windows servers. This exploit had many debug strings from an older, publicly known exploit for vulnerability CVE-2016-3309, but closer analysis revealed that Kaspersky researchers had discovered a new zero-day. Kaspersky researchers have dubbed this cluster of activity MysterySnail.
The discovered code similarity to, and re-use of, Command and Control (C&C) infrastructure led the researchers to connect these attacks with the infamous IronHusky group and Chinese-speaking APT activity dating back to 2012.
Analyzing the malware payload used with the zero-day exploit, Kaspersky researchers found variants of this malware were used in widespread espionage campaigns against IT companies, military and defense contractors, and diplomatic entities.
The vulnerability was reported to Microsoft and patched on October 12, 2021, as a part of the October Patch Tuesday.
Kaspersky products detect and protect against the exploit for the above vulnerability and associated malware modules.
Learn more about this new zero-day on Securelist.
To protect your organization from attacks exploiting the aforementioned vulnerabilities, Kaspersky experts recommend:
Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 240,000 corporate clients protect what matters most to them.