Buhtrap Hackers Group Using Recently Patched Windows Zero-day Exploit to Attack Government Networks

From gbhackers.com


An Infamous Cyberespionage group known as “Buhtrap” uses a Windows Zero-day exploit for its new campaign to attack businesses and perform targeted attack governmental institutions.

Buhtrap hackers group actively targeting various financial institutions in 2015, since then the group improvising their toolset with new exploits and malware to attack Europe and Asia based countries.

Newly observed targetted attack campaign using an exploit for Windows local privilege escalation(CVE-2019-1132), a vulnerability resides in the win32k.sys component and the vulnerability has been fixed by Microsoft in a recent security update.

An attacker who successfully exploits this vulnerability (CVE-2019-1132) could lead to executing the arbitrary code in kernel mode eventually take control of an affected system.

Read more…