Security News > 2021 > June > Windows 10 targeted by PuzzleMaker hackers using Chrome zero-days
Kaspersky security researchers discovered a new threat actor dubbed PuzzleMaker, who has used a chain of Google Chrome and Windows 10 zero-day exploits in highly-targeted attacks against multiple companies worldwide.
The zero-day exploit chain deployed in the campaign used a remote code execution vulnerability in the Google Chrome V8 JavaScript engine to access the targeted systems.
Next, the PuzzleMaker threat actors used an elevation of privilege exploit custom-tailored to compromise the latest Windows 10 versions by abusing an information disclosure vulnerability in the Windows kernel and a Windows NTFS privilege escalation bug, both patched in the June Patch Tuesday.
The attackers abused the Windows Notification Facility together with the CVE-2021-31956 vulnerability to execute malware modules with system privileges on compromised Windows 10 systems.
"Once the attackers have used both the Chrome and Windows exploits to gain a foothold in the targeted system, the stager module downloads and executes a more complex malware dropper from a remote server," the researchers said.
One full exploit chain targeting fully patched Windows 10 using Google Chrome.
News URL
Related news
- Windows driver zero-day exploited by Lazarus hackers to install rootkit (source)
- North Korean hackers exploit Chrome zero-day to deploy rootkit (source)
- North Korean Hackers Deploy FudModule Rootkit via Chrome Zero-Day Exploit (source)
- “Perfect” Windows downgrade attack turns fixed vulnerabilities into zero-days (source)
- Windows 10 KB5041580 update released with 14 fixes, security updates (source)
- New Windows SmartScreen bypass exploited as zero-day since March (source)
- 0-day in Windows driver exploited by North Korean hackers to deliver rootkit (CVE-2024-38193) (source)
- Hackers use PHP exploit to backdoor Windows systems with new malware (source)
- Google fixes ninth Chrome zero-day exploited in attacks this year (source)
- Google fixes ninth Chrome zero-day tagged as exploited this year (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-06-08 | CVE-2021-31956 | Integer Underflow (Wrap or Wraparound) vulnerability in Microsoft products Windows NTFS Elevation of Privilege Vulnerability | 7.8 |