July 16, 2024 at 12:09PM
Void Banshee, an APT actor, used the CVE-2024-38112 Windows zero-day to exploit the disabled Internet Explorer and deliver the Atlantida stealer malware. By crafting URLs in internet shortcut files, the APT leveraged the MHTML protocol handler and x-usc directive to execute code via the disabled IE, posing a significant threat to organizations.
From the meeting notes, the following clear takeaways can be generated:
1. A threat actor known as Void Banshee exploited a recent Windows zero-day vulnerability, tracked as CVE-2024-38112, to execute code through the disabled Internet Explorer (IE).
2. The vulnerability was addressed with the July 2024 Patch Tuesday updates, approximately two months after it was discovered by Trend Micro and reported to Microsoft.
3. Void Banshee targeted entities in North America, Europe, and South Asia for information theft and financial gain using the Atlantida stealer malware family.
4. The APT leveraged internet shortcut (URL) files to abuse the MSHTML protocol handler and x-usc directives to execute code directly through Windows’ disabled Internet Explorer, despite its discontinuation in 2022.
5. The attacks started with a spearphishing message delivering internet shortcut files posing as PDF copies of books to lure victims into opening them, ultimately leading to the execution of the Atlantida stealer.
6. The malware targets various kinds of sensitive information, including passwords, screenshots, files, and extensive system information.
7. The ability of APT groups like Void Banshee to exploit disabled services such as IE poses a significant threat to organizations worldwide, as they can use lingering Windows relics to infect users and organizations with ransomware, backdoors, or other strains of malware.
These takeaways summarize the key points from the meeting notes regarding the threat posed by Void Banshee’s exploitation of the Windows zero-day vulnerability and the potential impact on organizations.
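Takeaways 4 and 5 describe the delivery vector: an internet shortcut (.url) file whose target uses the MHTML protocol handler together with an x-usc directive. The following detector, added here as an example and not code from the original page or from any of the vendors named in it, parses the INI-style shortcut format and flags those two indicators; the two sample files and their hosts are constructed for illustration.

```python
"""Flag .url files whose target invokes the MHTML handler or an x-usc directive."""
import re
from configparser import ConfigParser, Error as ConfigError
from typing import List, Optional

# Constructed sample shortcut contents (not samples from the campaign).
BENIGN_URL_FILE = """[InternetShortcut]
URL=https://example.invalid/report.pdf
IconFile=C:\\Windows\\System32\\SHELL32.dll
IconIndex=13
"""

SUSPICIOUS_URL_FILE = """[InternetShortcut]
URL=mhtml:https://example.invalid/book.pdf!x-usc:https://example.invalid/second
IconFile=C:\\Windows\\System32\\SHELL32.dll
IconIndex=13
"""

MHTML_SCHEME = re.compile(r"^\s*mhtml:", re.IGNORECASE)
X_USC_DIRECTIVE = re.compile(r"!x-usc:", re.IGNORECASE)


def extract_target(contents: str) -> Optional[str]:
    """Return the URL= value of the [InternetShortcut] section, or None."""
    # Only '=' is a delimiter, so the ':' inside the URL is kept in the value.
    parser = ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    try:
        parser.read_string(contents)
    except ConfigError:
        return None
    # Section names are case-insensitive on Windows; ConfigParser is not.
    for section in parser.sections():
        if section.lower() == "internetshortcut" and parser.has_option(section, "url"):
            return parser.get(section, "url").strip()
    return None


def classify_url_file(contents: str) -> List[str]:
    """Return the indicators found in a shortcut file (empty list = clean)."""
    target = extract_target(contents)
    if target is None:
        return ["unparseable"]
    findings = []
    if MHTML_SCHEME.search(target):
        findings.append("mhtml-handler")
    if X_USC_DIRECTIVE.search(target):
        findings.append("x-usc-directive")
    return findings
```

Run `classify_url_file` over shortcut files arriving by e-mail or found on disk; a non-empty result is worth an alert, since a legitimate shortcut has no reason to route through the MHTML handler.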