Windows Zero-Day Exploited in Attacks on Financial Market Traders

February 14, 2024 at 07:09AM

Microsoft’s latest Patch Tuesday resolves over 70 vulnerabilities, including two zero-day vulnerabilities exploited in attacks on financial market traders by the Water Hydra threat group. Trend Micro described the attacks, in which CVE-2024-21412 was exploited to deliver the DarkMe malware. The vulnerability affects Windows Server 2019, Windows Server 2022, Windows 10, and Windows 11, posing a serious risk to targeted users.

Microsoft has patched over 70 vulnerabilities, including CVE-2024-21412 and CVE-2024-21351, which were exploited in attacks. Trend Micro has published details on attacks exploiting CVE-2024-21412 by a threat group known as Water Hydra. This group has targeted the financial industry, including gambling websites, casinos, forex and stock trading platforms, and banks. Water Hydra was previously linked to a financially motivated hack-for-hire group but is now considered a separate cybercrime group.

In these attacks, the vulnerability was exploited to deliver malware called DarkMe to financial market traders. DarkMe enables the attackers to perform various malicious actions. Trend Micro’s blog post details how the attackers tricked users into clicking on a malicious internet shortcut file disguised as a harmless image file. This is a concerning development, and appropriate measures should be taken to mitigate the risks posed by these vulnerabilities and the activities of the Water Hydra threat group.
