Woburn, MA – April 13, 2021 – Kaspersky researchers examining the previously reported CVE-2021-1732 exploit, used by the BITTER APT group, have discovered another zero-day exploit. The experts are currently unable to link this exploit to any known threat actor.
A zero-day vulnerability is a software flaw that is unknown to the vendor, so no patch exists when it is first exploited. Attackers who find such a flaw before the vendor does can exploit it quietly, with unexpected and destructive consequences for the victims.
While analyzing the CVE-2021-1732 exploit, Kaspersky experts found another one and reported it to Microsoft in February. After confirmation that it was indeed a zero-day, it received the designation CVE-2021-28310.
According to the researchers, this exploit has been used in the wild, potentially by several threat actors. It is an elevation of privilege (EoP) exploit targeting Desktop Window Manager (dwm.exe), a core Windows component, and it lets an attacker who already runs code on a victim's machine execute arbitrary code with higher privileges.
An EoP exploit of this kind is most likely chained with browser exploits: a browser exploit provides the initial code execution inside the browser sandbox, and the EoP exploit is then used to escape the sandbox or to obtain system privileges for further access.
Kaspersky’s initial investigation has not revealed the full infection chain, so it is not yet known whether the exploit is used with another zero-day or coupled with known, patched vulnerabilities.
“The exploit was initially identified by our advanced exploit prevention technology and related detection records,” said Boris Larin, security expert at Kaspersky. “In fact, over the past few years, we have built a multitude of exploit protection technologies into our products that have detected several zero-days, proving their effectiveness time and time again. We will continue to improve defenses for our users by enhancing our technologies and working with third-party vendors to patch vulnerabilities, making the internet more secure for everyone.”
A patch for the elevation of privilege vulnerability CVE-2021-28310 was released on April 13th, 2021.
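As an added example that is not part of the Kaspersky release, the following PowerShell snippet gives a defender a quick first check of whether a Windows host has taken any update since the April 13, 2021 release date and records the version of the Desktop Window Manager core library for comparison against the vendor's fixed build. The release does not name the patched library or the fixed version number, so the file name dwmcore.dll is an assumption made here and no version threshold is hard-coded; the check is coarse and a negative result means "investigate", not "vulnerable".

```powershell
# Added example (not from the Kaspersky release or the Securelist report).
# Coarse patch-level check for the April 13, 2021 fix for CVE-2021-28310.
# Get-HotFix reads Win32_QuickFixEngineering, which lists security and cumulative
# updates but not every servicing package, so treat "none found" as a prompt to verify.
$patchDate = Get-Date '2021-04-13'

function Get-UpdatesSince {
    param([datetime]$Since)
    Get-HotFix |
        Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $Since } |
        Sort-Object InstalledOn
}

$recent = Get-UpdatesSince -Since $patchDate
if ($recent) {
    "Updates installed on or after $($patchDate.ToString('yyyy-MM-dd')):"
    $recent | Format-Table HotFixID, Description, InstalledOn -AutoSize
} else {
    "No updates recorded since $($patchDate.ToString('yyyy-MM-dd')); verify the patch level manually."
}

# Record the DWM binaries' file versions for comparison with the vendor's fixed build.
# dwmcore.dll as the affected library is an assumption of this example, not a statement from the release.
foreach ($name in 'dwm.exe', 'dwmcore.dll') {
    $path = Join-Path $env:SystemRoot "System32\$name"
    if (Test-Path $path) {
        $info = (Get-Item $path).VersionInfo
        "{0}: file version {1}" -f $name, $info.FileVersion
    } else {
        "{0}: not found at {1}" -f $name, $path
    }
}
```

Run it in an elevated PowerShell session on the host being checked; the hotfix list and the file versions can then be compared with the entries Microsoft publishes for the April 2021 update.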
Kaspersky products detect this exploit with the following verdicts:
More information about BITTER APT and IOCs are available to customers of the Kaspersky Intelligence Reporting service. Contact: intelreports@kaspersky.com.
To stay safe from this threat, Kaspersky recommends taking the following security measures:
For further details on the new exploits, see the full report on Securelist.
To take a closer look at the technologies that detected this and other zero-days in Microsoft Windows, a recorded Kaspersky webinar is available to view on demand.
Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 240,000 corporate clients protect what matters most to them. Learn more at usa.kaspersky.com.
Media Contact
Sawyer Van Horn
sawyer.vanhorn@Kaspersky.com
(781) 503-1866