These attacks were reported by Trend Micro’s security researchers. According to the experts, the Iranian APT34 hacking group, also known as OilRig, has deployed a new backdoor targeting Microsoft Exchange servers. The goal of the attacks is a familiar one: credential theft, with the hackers exploiting the Windows flaw CVE-2024-30088 to escalate their privileges on compromised devices.
The attackers are working from two sides: researchers at Trend Micro established a link between OilRig and FOX Kitten, another Iranian group involved in ransomware attacks.
The attacks seen by Trend Micro begin with a vulnerable server being used to load a web shell, which gives the hackers the ability to remotely execute code and PowerShell commands. Once the shell is active, the attackers use it to deploy additional tools, including a component designed to exploit the Windows flaw CVE-2024-30088.
According to the researchers, CVE-2024-30088 is an elevation of privilege vulnerability that Microsoft fixed in June 2024. On systems that have not been patched, the flaw could still allow attackers to escalate their privileges to SYSTEM level, giving them significant control over compromised devices.
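The web shell stage described above leaves a recognisable trace in process telemetry: an IIS worker process on the Exchange server spawning a command interpreter. The following detection logic is an added example, not code from Trend Micro or from the article; the events are constructed in the style of Sysmon process-creation records, and the Exchange app pool name and command lines are illustrative assumptions.

```python
"""Flag IIS worker processes (w3wp.exe) that spawn command interpreters,
the pattern produced by web-shell driven command execution on Exchange.
Added example; events below are constructed, not taken from a real host."""
import re

SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe"}
IIS_WORKER = "w3wp.exe"  # Exchange web apps run inside IIS worker processes

# Constructed sample events using Sysmon process-create field names.
EVENTS = [
    {"Image": r"C:\Windows\System32\inetsrv\w3wp.exe",
     "ParentImage": r"C:\Windows\System32\svchost.exe",
     "CommandLine": r'w3wp.exe -ap "MSExchangeOWAAppPool"'},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\System32\inetsrv\w3wp.exe",
     "CommandLine": r"powershell.exe -nop -w hidden -enc PLACEHOLDER_BASE64"},
    {"Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Windows\System32\inetsrv\w3wp.exe",
     "CommandLine": r"cmd.exe /c whoami"},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r"powershell.exe Get-Service"},  # interactive admin, benign
]

def basename(path):
    """Return the lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def is_webshell_exec(event):
    """True when an IIS worker process is the parent of a shell."""
    return (basename(event["ParentImage"]) == IIS_WORKER
            and basename(event["Image"]) in SHELLS)

def encoded_powershell(cmdline):
    """True when PowerShell is invoked with an -EncodedCommand variant,
    which hides the script body from casual log review."""
    return re.search(r"(?i)\s-(e|ec|enc|encodedcommand)\s", cmdline) is not None

def find_suspicious(events):
    """Return (command line, reasons) for every event matching the pattern."""
    hits = []
    for ev in events:
        if is_webshell_exec(ev):
            reasons = ["iis-worker-spawned-shell"]
            if encoded_powershell(ev["CommandLine"]):
                reasons.append("encoded-command")
            hits.append((ev["CommandLine"], reasons))
    return hits

if __name__ == "__main__":
    for cmd, reasons in find_suspicious(EVENTS):
        print(f"ALERT {reasons}: {cmd}")
```

On a real Exchange host the same check runs over Sysmon Event ID 1 or Windows Security 4688 records; an administrator legitimately running PowerShell will not appear as a child of w3wp.exe, which is what keeps the rule narrow.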
Source: Ferra

I am a professional journalist and content creator with extensive experience writing for news websites. I currently work as an author at Gadget Onus, where I specialize in covering hot news topics. My written pieces have been published on some of the biggest media outlets around the world, including The Guardian and BBC News.