Tag Archive for: escalation

Chinese APT group IronHusky exploits zero-day Windows Server privilege escalation


One of the vulnerabilities patched by Microsoft on its October 2021 Patch Tuesday has been exploited by a Chinese cyberespionage group since at least August. The attack campaigns targeted IT companies, defense contractors and diplomatic entities.

According to researchers from Kaspersky Lab, the malware deployed with the exploit and its command-and-control infrastructure point to a connection with a known Chinese APT group tracked as IronHusky that has been operating since 2017, but also with other China-based APT activity going back to 2012.

Privilege escalation vulnerability in Windows GDI driver

The group was observed leveraging a previously unknown vulnerability in Win32k.sys, the kernel-mode driver that implements the Windows Graphics Device Interface (GDI) and has been a common source of vulnerabilities in the past. The flaw, tracked as CVE-2021-40449 and a use-after-free in the NtGdiResetDC function, affects all supported Windows versions as well as several that are no longer supported, and allows an attacker who can already run code on the machine to execute it with SYSTEM privileges.

Since this is a privilege escalation vulnerability, it is used to gain complete control of a system the attackers have already compromised; it is not the original method of entry. The exploit used in the attacks borrows code from a public exploit for another Win32k vulnerability patched in 2016 (CVE-2016-3309). Although the exploit was written to support every version of Windows since Vista, the Kaspersky researchers only saw it being used against Windows servers.

“In the discovered exploit attackers are able to achieve the desired state of memory with the use of GDI palette objects and use a single call to a kernel function to build a primitive for reading and writing kernel memory,” the researchers said in their report. “This step is easily accomplished, because the exploit process is running with Medium IL and therefore it’s possible to use publicly known techniques to leak kernel addresses of currently loaded drivers/kernel modules. In our opinion, it would be preferable if the Medium IL processes had limited access to such functions as NtQuerySystemInformation or EnumDeviceDrivers.”
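As an added illustration of the address leak the researchers describe (this is example code, not from the article or from Kaspersky's report), the following PowerShell script enumerates the kernel base addresses of every loaded driver from whatever integrity level the shell runs at, using the documented psapi.dll EnumDeviceDrivers and GetDeviceDriverBaseName APIs. The function name Get-LoadedDriverBase and the 1024-entry initial buffer are the example's own choices.

```powershell
# Added example, not code from the article or from Kaspersky's report.
# Lists the kernel-mode base address of each loaded driver through the
# documented psapi.dll APIs, which succeed from an ordinary unelevated
# (Medium IL) process: the leak an exploit needs to locate ntoskrnl and
# win32k before building its read/write primitive.

Add-Type -Namespace DriverLeak -Name Psapi -MemberDefinition @'
[DllImport("psapi.dll", SetLastError = true)]
public static extern bool EnumDeviceDrivers([Out] IntPtr[] lpImageBase, uint cb, out uint lpcbNeeded);

[DllImport("psapi.dll", CharSet = CharSet.Unicode, SetLastError = true)]
public static extern uint GetDeviceDriverBaseName(IntPtr ImageBase, System.Text.StringBuilder lpBaseName, uint nSize);
'@

function Get-LoadedDriverBase {
    # Start with room for 1024 base pointers (example's own choice); grow if the kernel reports more.
    $bases  = New-Object IntPtr[] 1024
    $needed = [uint32]0
    $ok = [DriverLeak.Psapi]::EnumDeviceDrivers($bases, [uint32]($bases.Length * [IntPtr]::Size), [ref]$needed)
    if (-not $ok) {
        throw "EnumDeviceDrivers failed with Win32 error $([Runtime.InteropServices.Marshal]::GetLastWin32Error())"
    }
    $count = [int]($needed / [IntPtr]::Size)
    if ($count -gt $bases.Length) {
        $bases = New-Object IntPtr[] $count
        [void][DriverLeak.Psapi]::EnumDeviceDrivers($bases, [uint32]($bases.Length * [IntPtr]::Size), [ref]$needed)
    }

    $name = New-Object System.Text.StringBuilder 260
    for ($i = 0; $i -lt $count; $i++) {
        [void]$name.Clear()
        [void][DriverLeak.Psapi]::GetDeviceDriverBaseName($bases[$i], $name, $name.Capacity)
        [pscustomobject]@{
            Name = $name.ToString()
            Base = '0x{0:X16}' -f $bases[$i].ToInt64()
        }
    }
}

# Report whether the shell is elevated so the reader can see the leak does not depend on it.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$elevated  = ([Security.Principal.WindowsPrincipal]$identity).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
"Running elevated: $elevated"

$drivers = Get-LoadedDriverBase

# The modules an exploit of this kind cares about: the kernel image and the
# win32k family (win32k.sys, win32kbase.sys, win32kfull.sys) that hosts GDI.
$drivers | Where-Object { $_.Name -match '^(ntoskrnl\.exe|win32k.*\.sys)$' } | Format-Table -AutoSize

# Non-zero bases from an unelevated shell confirm the leak is available at Medium IL.
$zero   = '0x{0:X16}' -f 0
$leaked = @($drivers | Where-Object { $_.Base -ne $zero }).Count
"Drivers with leaked base addresses: $leaked of $($drivers.Count)"
```

Run it from a non-administrator PowerShell prompt. If ntoskrnl.exe and the win32k modules come back with real addresses, the process has exactly the information the quoted researchers would rather it did not have; if every base is reported as zero, the shell is running at Low IL or inside a sandbox where Windows already withholds them.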

MysterySnail RAT

The hackers used the privilege escalation exploit to deploy a remote-shell Trojan, a RAT that Kaspersky dubbed MysterySnail….


Jammu drone strike marks dangerous escalation by Pak


It is vital that we do not let ourselves get trapped in a defensive and reactive stance, confined to consequence management. The emphasis must shift from mere protection to punishment.


On Sunday, 27 June, Pakistan crossed a significant escalation threshold in its asymmetric war in Jammu and Kashmir. Two drones struck the strategic air base at Jammu between 0127 and 0130 hours. They came in at a height of about 100 m and dropped 2 kg charges of high-grade military explosive (probably RDX) fitted with impact detonators. Their likely targets were the helicopter hangar and the Air Control Tower (ACT), but they missed: one blew a hole in the roof of a concrete building and the other exploded on the ground. Two Air Force personnel were slightly injured. By using drones against a strategic air base, Pakistan ushered in the era of drone warfare in South Asia with a low-cost, high-impact strike built from commercial off-the-shelf (COTS) quadcopters. Such plastic, battery-operated drones have a negligible radar cross-section, are very difficult to detect and even harder to stop, and are therefore a cheap and effective option for any attacker; the defender will always be at a disadvantage in such a scenario.

After the strike came the usual strident media outcry: how were we caught napping again, when the intelligence agencies had warned that drones might be used? Such scapegoat-seeking narratives betray a complete ignorance of the technical difficulty of detecting and shooting down such small drones. The Indian Air Force (IAF) is well equipped to detect and deal with the larger HALE (High Altitude Long Endurance) and MALE (Medium Altitude Long Endurance) classes of drones, but small, cheap drones present an entirely different set of problems.


ERA OF DRONE WARFARE

Drones have been employed extensively for decades; their military use dates back at least to the Vietnam War. Their employment in the Bosnia conflict showed their vulnerability in a dense air-defence (AD) environment….


On the brink of cyber warfare: Attacks feared over US-Iranian escalation – The Daily Swig


Zero-day privilege escalation disclosed for Android – Ars Technica


Researchers have disclosed a zero-day vulnerability in the Android operating system that gives a major boost to attackers who already have a toe-hold on an …
