[h347]

A recently patched Windows vulnerability, CVE-2024-43461, has now been confirmed as previously exploited by the Void Banshee APT hacking group. Initially disclosed during the September 2024 Patch Tuesday, Microsoft hadn’t marked it as exploited at the time. However, on Friday, Microsoft updated the advisory to reflect that this flaw had indeed been used in attacks before being fixed.

The vulnerability was discovered by Peter Girnus, a Senior Threat Researcher at Trend Micro, who confirmed that Void Banshee exploited the flaw in zero-day attacks to install malware that steals sensitive information. Void Banshee is an APT group targeting organizations in North America, Europe, and Southeast Asia for data theft and financial gain.

In July 2024, both Check Point Research and Trend Micro reported similar attacks using two Windows zero-days: CVE-2024-38112 (fixed in July) and CVE-2024-43461 (fixed in September). These attacks used the Atlantida info-stealer to harvest passwords, authentication cookies, and cryptocurrency wallets. CVE-2024-38112 allowed attackers to force Windows to open malicious websites in Internet Explorer instead of Microsoft Edge through crafted shortcut files.

Let me know if you liked the information I've shared, is there anything else I missed. CVEs combined with info stealer are my favorite category.

[pygor]

Really Nice, THx