CVE-2024-38213: From Crumbs to Full Compromise in a Stealthy Cyber Attack
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY:
A targeted email campaign exploiting CVE-2024-38213 has been uncovered, disguised as communication related to the Gas Infrastructure Europe Annual Conference in Munich. The attack bypasses standard security protocols to deploy LummaStealer malware, stealing sensitive data. The vulnerability, known as Copy2Pwn, bypasses Windows' Mark-of-the-Web feature, creating a dangerous security gap. Multiple threat actors, including AsyncRAT and XWorm, have been linked to its exploitation. The attack involves a sophisticated multi-stage payload, using system utilities for persistence and obfuscation. Recommendations include restricting certain email attachment types, deploying SIGMA rules for detection, and blocking identified indicators of compromise.
OPENCTI LABELS:
phishing, formbook, xworm, venomrat, asyncrat, lummastealer, copy2pwn, cve-2024-38213, darkgate rat