Today > | 1 Medium vulnerabilities   -   You can now download lists of IOCs here!

CVE-2024-38213: From Crumbs to Full Compromise in a Stealthy Cyber Attack

Nov. 8, 2024, 6:52 p.m.

Description

A targeted email campaign exploiting CVE-2024-38213 has been uncovered, disguised as communication related to the Gas Infrastructure Europe Annual Conference in Munich. The attack bypasses standard security protocols to deploy LummaStealer malware, stealing sensitive data. The vulnerability, known as Copy2Pwn, bypasses Windows' Mark-of-the-Web feature, creating a dangerous security gap. Multiple threat actors, including AsyncRAT and XWorm, have been linked to its exploitation. The attack involves a sophisticated multi-stage payload, using system utilities for persistence and obfuscation. Recommendations include restricting certain email attachment types, deploying SIGMA rules for detection, and blocking identified indicators of compromise.

Date

Published: Nov. 8, 2024, 12:04 p.m.

Created: Nov. 8, 2024, 12:04 p.m.

Modified: Nov. 8, 2024, 6:52 p.m.

Attack Patterns

DarkGate RAT

LummaStealer

VenomRAT

XWorm

FormBook

AsyncRAT

T1571

T1573

T1070

T1071

T1102

T1055

T1204

T1027

T1566

T1059

Additional Informations

Energy

Germany