In mid-March 2025, Kaspersky technologies detected a wave of infections by previously unknown and highly sophisticated malware.
In all cases, infection occurred immediately after the victim clicked on a link in a phishing email, and the attackers’ website was opened using the Google Chrome web browser. No further action was required to become infected. All malicious links were personalized and had a very short lifespan. However, Kaspersky’s exploit detection and protection technologies successfully identified the zero-day exploit that was used to escape Google Chrome’s sandbox. Kaspersky researchers quickly analyzed the exploit code, reverse-engineered its logic, and confirmed that it was based on a zero-day vulnerability affecting the latest version of Google Chrome, which was then reported to the Google security team.
Read more…
Source: Kaspersky
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Ransomware Groups to Watch: Emerging Threats
August 24, 2021
As part of Unit 42’s commitment to stop ransomware attacks, we conduct ransomware hunting operations to ensure our customers are protected against new and evolving ransomware variants. We monitor the activity of existing groups, search for dark web leak sites and fresh onion sites, identify up-and-coming players and study tactics, techniques and procedures. During our operations, ...
- FBI: OnePercent Group Ransomware targeted US orgs since Nov 2020
August 23, 2021
The Federal Bureau of Investigation (FBI) has shared info about a threat actor known as OnePercent Group that has been actively targeting US organizations since at least November 2020 as a ransomware affiliate. The US federal law enforcement agency shared indicators of compromise, tactics, techniques, and procedures (TTP), and mitigation measures in a flash alert published ...
- Nokia subsidiary discloses data breach after Conti ransomware attack
August 23, 2021
SAC Wireless, a US-based Nokia subsidiary, has disclosed a data breach following a ransomware attack where Conti operators were able to successfully breach its network, steal data, and encrypt systems. The wholly-owned and independently-operating Nokia company, headquartered in Chicago, IL, works with telecom carriers, major tower owners, and original equipment manufacturers (OEMs) across the US. Read more… Source: ...
- Attackers Actively Exploiting Realtek SDK Flaws
August 23, 2021
Threat actors zeroing in on command injection vulnerabilities reported in Realtek chipsets just days after multiple flaws were discovered in the software developers kits (SDK) deployed across at least 65 separate vendors. On Aug. 16 multiple Realtek vulnerabilities were disclosed by IoT Inspector Research Lab. It took about 48 hours for attackers to start trying to ...
- LockFile ransomware uses PetitPotam attack to hijack Windows domains
August 20, 2021
At least one ransomware threat actor has started to leverage the recently discovered PetitPotam NTLM relay attack method to take over the Windows domain on various networks worldwide. Behind the attacks appears to be a new ransomware gang called LockFile that was first seen in July, which shows some resemblance and references to other groups in ...
- Ransomware: This amateur attack shows how clueless criminals are trying to get in on the action
August 19, 2021
Ransomware is one of the biggest cybersecurity threats to businesses today, and cyber criminals can potentially make millions of dollars in Bitcoin for a single successful attack. This lure of quickly making large sums of money is attracting interest from across the cyber-criminal spectrum, from sophisticated gangs specialising in ransomware attacks, to affiliate schemes where wannabe ...