July 16, 2024 at 10:34AM
An APT group named Void Banshee exploited an unpatched Microsoft zero-day (CVE-2024-38112) in a spear-phishing campaign to spread Atlantida Stealer across North America, Europe, and Southeast Asia. The group used malicious PDFs to target victims and extract sensitive data and system information from their machines, taking advantage of unsupported services like Internet Explorer to execute the attacks. Trend Micro’s report sheds light on this alarming exploitation, urging organizations to proactively monitor and patch potential vulnerabilities.
From the meeting notes, here are the key takeaways:
1. An advanced persistent threat (APT) group known as Void Banshee exploited an unpatched Microsoft zero-day (CVE-2024-38112) in a spear-phishing campaign to spread the Atlantida Stealer, targeting victims in North America, Europe, and Southeast Asia.
2. The vulnerability exists in the now retired Internet Explorer (IE) browser’s MSHTML (Trident) engine, and can be exploited on a victim’s machine even if IE is disabled or not the default browser.
3. The APT campaign lured victims with malicious files disguised as book PDFs, distributed via cloud-sharing websites, Discord servers, and online libraries, among others.
4. The Atlantida malware focused on extracting sensitive data such as passwords and cookies, as well as capturing the victim’s screen and gathering comprehensive system information.
5. The APT group used malicious shortcuts to convince targets in a spear-phishing campaign to open URL shortcut files designed to look like PDF copies of books, targeting highly skilled professionals and students.
6. The attack ultimately delivers the Atlantida stealer, which targets sensitive information from various applications and sends the stolen data back to an attacker-controlled command-and-control (C2) site.
7. Despite Internet Explorer being retired and receiving no further updates, threat actors can still exploit lingering Windows relics like IE on machines to infect users and organizations with ransomware and other strains of malware.
8. To mitigate the current exploitation of the IE issue, patching the flaw, proactive threat intelligence, and adopting a security posture that constantly monitors for potential flaws and attack surfaces are recommended.
These takeaways highlight the severity of the exploitation and the necessity for organizations to be vigilant in addressing vulnerabilities and monitoring for potential threats.