A highly advanced adversary is targeting major infrastructure companies with a zero-day exploit that had gone unpatched since the spring.
According to Infosecurity, citing CrowdStrike, Hurricane Panda is striking on a daily basis, and the exploit affects all x64 Windows variants up to and including Windows 7 and Windows Server 2008 R2.
CrowdStrike found that the attacks begin by compromising web servers and deploying Chopper webshells, then escalating privileges with a newly discovered local privilege escalation tool that exploits a previously unknown vulnerability. The tool elevates the intruder's privileges to those of the SYSTEM account and then creates a new process with those rights to run commands, typically for intelligence gathering.
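The two stages in that chain leave a recognisable pattern in process-creation telemetry: a command interpreter spawned by the web server's worker process (the webshell), followed by a process running as SYSTEM whose parent did not (the privilege escalation). The following Python is an added example, not code from the original story or from CrowdStrike; it assumes an IIS-hosted site (worker process w3wp.exe), uses constructed pipe-delimited process records rather than real telemetry, and uses "upd.exe" as a placeholder name for the dropped escalation tool.

```python
"""Detection logic for the intrusion chain described above.

Two rules over process-creation records:
  webshell_command: cmd.exe / powershell.exe created by an IIS worker process
  privilege_jump:   a process running as SYSTEM whose parent ran as a non-SYSTEM user
Records here are constructed for illustration, not real telemetry.
"""
from dataclasses import dataclass
from typing import Dict, List

SYSTEM_USER = "NT AUTHORITY\\SYSTEM"
WEB_WORKERS = {"w3wp.exe"}              # assumption: site is hosted on IIS
SHELLS = {"cmd.exe", "powershell.exe"}  # interpreters a webshell typically drives

# Constructed sample, one process-creation record per line:
# pid|ppid|image|user|command line
# "upd.exe" is a placeholder name for the dropped escalation tool.
SAMPLE_LOG = """\
600|4|services.exe|NT AUTHORITY\\SYSTEM|services.exe
700|600|svchost.exe|NT AUTHORITY\\SYSTEM|svchost.exe
1100|700|w3wp.exe|IIS APPPOOL\\DefaultAppPool|w3wp.exe -ap "DefaultAppPool"
2200|1100|cmd.exe|IIS APPPOOL\\DefaultAppPool|cmd.exe /c whoami
2300|2200|upd.exe|IIS APPPOOL\\DefaultAppPool|upd.exe
2400|2300|cmd.exe|NT AUTHORITY\\SYSTEM|cmd.exe /c net user
"""


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str    # executable basename, lower-cased
    user: str
    cmdline: str


def parse_line(line: str) -> ProcEvent:
    """Parse one 'pid|ppid|image|user|cmdline' record (cmdline may contain '|')."""
    pid, ppid, image, user, cmdline = line.split("|", 4)
    return ProcEvent(int(pid), int(ppid), image.lower(), user, cmdline)


def detect(events: List[ProcEvent]) -> List[Dict[str, object]]:
    """Apply both rules; each finding names the rule and the offending child process.

    Parents are resolved by PID, which is fine for a single snapshot; real
    telemetry should key on a process GUID because PIDs are reused.
    """
    by_pid = {e.pid: e for e in events}
    findings: List[Dict[str, object]] = []
    for e in events:
        parent = by_pid.get(e.ppid)
        if parent is None:
            continue  # parent not in this record set; nothing to compare against
        if parent.image in WEB_WORKERS and e.image in SHELLS:
            findings.append({"rule": "webshell_command", "pid": e.pid,
                             "parent": parent.image, "user": e.user,
                             "cmdline": e.cmdline})
        # Legitimate SYSTEM processes are started by SYSTEM parents (services.exe,
        # svchost.exe); a SYSTEM child of a non-SYSTEM parent is the LPE signature.
        if e.user == SYSTEM_USER and parent.user != SYSTEM_USER:
            findings.append({"rule": "privilege_jump", "pid": e.pid,
                             "image": e.image, "parent_pid": parent.pid,
                             "parent_user": parent.user, "cmdline": e.cmdline})
    return findings


def scan(log_text: str) -> List[Dict[str, object]]:
    """Parse a record set and return its findings in record order."""
    events = [parse_line(ln) for ln in log_text.splitlines() if ln.strip()]
    return detect(events)


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Run against the constructed log, the scan flags pid 2200 (cmd.exe under w3wp.exe) and pid 2400 (a SYSTEM cmd.exe whose parent ran as the application-pool identity), and stays quiet on the service processes, which are SYSTEM children of SYSTEM parents. The second rule is the one worth keeping on for this campaign: a patched host closes the exploit, but the parent/child account mismatch is what exposes any future escalation tool using the same pattern, so baseline it against your own environment before alerting.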
On Tuesday, Microsoft published security bulletin MS14-058 and issued a patch that fixes the vulnerability.