Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails
Nov 14, 2024
Malware / Vulnerability
A newly patched security flaw impacting Windows NT LAN Manager (NTLM) was exploited as a zero-day by a suspected Russia-linked actor as part of cyber attacks targeting Ukraine. The vulnerability in question, CVE-2024-43451 (CVSS score: 6.5), refers to an NTLM hash disclosure spoofing vulnerability that could be exploited to steal a user's NTLMv2 hash. It was patched by Microsoft earlier this week. "Minimal interaction with a malicious file by a user such as selecting (single-click), inspecting (right-click), or performing an action other than opening or executing could trigger this vulnerability," Microsoft revealed in its advisory. Israeli cybersecurity company ClearSky, which discovered the zero-day exploitation of the flaw in June 2024, said it's been abused as part of an attack chain that delivers the open-source Spark RAT malware. "The vulnerability activates URL files, leading to malicious activity," the company said, adding the malicious file...