CVE-2021-40444 exploitation: Researchers find connections to previous attacks

16 September 2021

The recent targeted attacks exploiting the (at the time) zero-day remote code execution vulnerability (CVE-2021-40444) in Windows via booby-trapped Office documents have been delivering custom Cobalt Strike payloads, Microsoft and Microsoft-owned RiskIQ have shared. The researchers also found connections between the attackers’ exploit delivery infrastructure and an infrastructure previously used by attackers to deliver human-operated ransomware, the Trickbot trojan and the BazaLoader backdoor/downloader.

Read full article on Help Net Security

Date:

16 September 2021

Categorie(s):

NEWS

Tag(s):

IT, OS, Researchers, RiskIQ, Windows

With its new iPad, Apple’s Empire strikes back6 May 2024
Malware campaign attempts abuse of defender binaries6 May 2024
Microsoft unveils new security features for SOC teams to combat insider threats6 May 2024
BigID launches new hybrid scanning technology for enhance cloud data management6 May 2024
At RSA, Cisco launches bolsters in Security Cloud, built on Hypershield and Splunk6 May 2024