216.73.216.86

CVE-2024-38213: From Crumbs to Full Compromise in a Stealthy Cyber Attack

· Published 08/11/2024 12:04 · Modified 08/11/2024 18:52

Export JSON

Essential information

Published
08/11/2024 12:04
Modified
08/11/2024 18:52
Tags
2024-11-08 CVE-2024-38213 asyncrat copy2pwn darkgate rat formbook lummastealer phishing venomrat xworm
Related entities
10 techniques (mitre), 6 malware, 2 others

Description

A targeted email campaign exploiting has been uncovered, disguised as communication related to the Gas Infrastructure Europe Annual Conference in Munich. The attack bypasses standard security protocols to deploy malware, stealing sensitive data. The vulnerability, known as , bypasses Windows' Mark-of-the-Web feature, creating a dangerous security gap. Multiple threat actors, including and , have been linked to its exploitation. The attack involves a sophisticated multi-stage payload, using system utilities for persistence and obfuscation. Recommendations include restricting certain email attachment types, deploying SIGMA rules for detection, and blocking identified indicators of compromise.

External references