From gbhackers.com
Threat actors are actively exploiting the recently patched Windows Kernel privilege escalation vulnerability (CVE-2018-8611), which allows an attacker who has already gained a foothold on a system to run arbitrary code in kernel mode and install programs with administrator privileges.
The vulnerability stems from improper handling of file execution operations in kernel mode. Security researchers at Kaspersky discovered it being exploited as a zero-day, reported it to Microsoft on October 29, 2018, and Microsoft fixed it in the December 2018 security update. Organizations that have not yet applied that update should prioritize it, since the flaw is already being used in the wild.
Several APT groups have been observed using the exploit, including FruityArmor, CHAINSHOT, and the newly discovered SandCat.