CVE-2024-38213: From Crumbs to Full Compromise in a Stealthy Cyber Attack
Nov. 8, 2024, 6:52 p.m.
Description
A targeted email campaign exploiting CVE-2024-38213 has been uncovered, disguised as communication related to the Gas Infrastructure Europe Annual Conference in Munich. The attack bypasses standard security protocols to deploy LummaStealer malware, stealing sensitive data. The vulnerability, known as Copy2Pwn, bypasses Windows' Mark-of-the-Web feature, creating a dangerous security gap. Multiple threat actors, including AsyncRAT and XWorm, have been linked to its exploitation. The attack involves a sophisticated multi-stage payload, using system utilities for persistence and obfuscation. Recommendations include restricting certain email attachment types, deploying SIGMA rules for detection, and blocking identified indicators of compromise.
Date
Published: Nov. 8, 2024, 12:04 p.m.
Created: Nov. 8, 2024, 12:04 p.m.
Modified: Nov. 8, 2024, 6:52 p.m.
Attack Patterns
DarkGate RAT
LummaStealer
VenomRAT
XWorm
FormBook
AsyncRAT
T1571
T1573
T1070
T1071
T1102
T1055
T1204
T1027
T1566
T1059
Additional Information
Energy
Germany