
Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails

NetmanageIT OpenCTI - opencti.netmanageit.com




SUMMARY:

A newly discovered vulnerability in Windows NT LAN Manager (NTLM) has been exploited by suspected Russian hackers in cyber attacks against Ukraine. The flaw, identified as CVE-2024-43451, allows attackers to steal NTLMv2 hashes through minimal user interaction with malicious files. The exploit chain starts with phishing emails containing links to compromised Ukrainian government websites, which lead to the download of a ZIP archive containing a malicious URL file. Interacting with this file triggers the vulnerability and downloads additional payloads, including the Spark RAT malware. The stolen hashes also enable pass-the-hash attacks for unauthorized user authentication. Ukrainian CERT has attributed this activity to a threat actor tracked as UAC-0194.

OPENCTI LABELS:

rat,phishing,russia,ukraine,windows,zero-day,spark rat,cve-2024-43451,ntlm,pass-the-hash,hash stealing

