
Windows 10 targeted by PuzzleMaker hackers using Chrome zero-days
2021-06-08 18:20

Kaspersky security researchers discovered a new threat actor, dubbed PuzzleMaker, that has used a chain of Google Chrome and Windows 10 zero-day exploits in highly targeted attacks against multiple companies worldwide.

The zero-day exploit chain deployed in the campaign used a remote code execution vulnerability in the Google Chrome V8 JavaScript engine to access the targeted systems.

Next, the PuzzleMaker threat actors used an elevation of privilege exploit custom-tailored to compromise the latest Windows 10 versions by abusing an information disclosure vulnerability in the Windows kernel and a Windows NTFS privilege escalation bug, both patched in the June Patch Tuesday.

The attackers abused the Windows Notification Facility together with the CVE-2021-31956 vulnerability to execute malware modules with system privileges on compromised Windows 10 systems.

"Once the attackers have used both the Chrome and Windows exploits to gain a foothold in the targeted system, the stager module downloads and executes a more complex malware dropper from a remote server," the researchers said.

One full exploit chain targeting fully patched Windows 10 using Google Chrome.


News URL

https://www.bleepingcomputer.com/news/security/windows-10-targeted-by-puzzlemaker-hackers-using-chrome-zero-days/

Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | RISK
2021-06-08 | CVE-2021-31956 | Integer Underflow (Wrap or Wraparound) vulnerability in Microsoft products; Windows NTFS Elevation of Privilege Vulnerability; local; low complexity; microsoft; CWE-191 | 7.8