216.73.217.64

Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails

· Published 14/11/2024 11:57 · Modified 14/11/2024 19:30

Export JSON

Essential information

Published
14/11/2024 11:57
Modified
14/11/2024 19:30
Tags
2024-11-14 CVE-2024-43451 hash stealing ntlm pass-the-hash phishing rat russia spark rat ukraine windows zero-day
Related entities
24 observables, 1 intrusion sets (apt), 19 techniques (mitre), 1 malware, 2 others

Description

A newly discovered vulnerability in NT LAN Manager () has been exploited by suspected Russian hackers in cyber attacks against . The flaw, identified as , allows attackers to steal NTLMv2 hashes through minimal user interaction with malicious files. The exploit chain involves emails containing links to compromised Ukrainian government websites, leading to the download of a ZIP archive with a malicious URL file. When interacted with, this file triggers the vulnerability and downloads additional payloads, including the malware. The attack also enables attacks for unauthorized user authentication. Ukrainian CERT has attributed this activity to a threat actor known as UAC-0194.

External references