Operation PowerFall - Yet Another Attack Campaign Using Zero-Day Exploits
Kaspersky recently revealed details about an attack campaign, launched in May 2020, against a South Korean company.
Dubbed “Operation PowerFall,” the campaign chained the exploitation of zero-day vulnerabilities in Internet Explorer and Windows.
- The full exploit chain targeted what were, at the time of the attack, the latest builds of Windows 10 (build 18363, x64) and Internet Explorer 11.
- The attack consisted of two zero-day exploits: a remote code execution exploit for Internet Explorer (CVE-2020-1380, a use-after-free in the jscript9.dll JIT compiler) to gain code execution inside the browser, and an elevation of privilege exploit for Windows (CVE-2020-0986, an arbitrary pointer dereference in the splwow64.exe print-spooler helper) to break out of IE's low-integrity sandbox.
- Based on overlaps with previously discovered exploits, the researchers assessed with medium confidence that the attacks were carried out by the DarkHotel group.
Previous attacks exploiting IE vulnerabilities
Earlier this year, several attacks leveraging vulnerabilities in IE were observed in the wild.
- In July 2020, the Purple Fox exploit kit added two new exploits: CVE-2020-0674, a critical scripting-engine remote code execution flaw in IE, paired with CVE-2019-1458, a high-severity Windows win32k elevation of privilege flaw used for the follow-on privilege escalation.
- In March, it was revealed that an unnamed group of hackers was using five zero-day vulnerabilities, including CVE-2020-0674 in IE, to target North Korea-focused professionals.
The bottom line
Both vulnerabilities have since been patched by Microsoft: CVE-2020-0986 in the June 2020 security updates and CVE-2020-1380 in the August 2020 updates. Because fully patched systems and browsers can still be compromised by chains like this one, organizations should combine several countermeasures rather than rely on patching alone: reduce the exposed attack surface (for example, removing or restricting Internet Explorer 11 where it is not needed), apply behavior-based threat analysis that catches the process and integrity anomalies a browser sandbox escape produces, and run a rigorous patch management process so that the window between a fix and its deployment stays short.
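To make the "behavior-based threat analysis" advice above concrete, here is an added example (not code from the original article or from Kaspersky's report) of a small rule pass over process-creation telemetry. The event records are constructed for illustration in a Sysmon-style field layout, and the two rules encode a defender's hypothesis about how a browser RCE followed by a sandbox escape tends to surface in process data (a browser spawning a script host; the medium-integrity splwow64.exe helper spawning anything). They are assumptions for the sake of the example, not indicators published for Operation PowerFall.

```python
"""Behaviour-based rules over process-creation events (added example).

Assumptions (not from the original page): Sysmon-like field names
(Image, ParentImage, ProcessId, IntegrityLevel) and two hand-written rules.
"""
from __future__ import annotations

import json
from dataclasses import dataclass

# Script hosts and LOLBins that a browser content process has no reason to
# launch directly; an IE tab doing so is a strong post-exploitation signal.
SCRIPT_HOSTS = {
    "cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
    "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe",
}


@dataclass(frozen=True)
class Alert:
    rule: str
    parent: str
    image: str
    pid: int
    integrity: str


def _basename(path: str) -> str:
    """Normalise a Windows path to its lower-cased file name."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def evaluate(event: dict) -> list[Alert]:
    """Apply both rules to a single process-creation event."""
    parent = _basename(event.get("ParentImage", ""))
    image = _basename(event.get("Image", ""))
    pid = int(event.get("ProcessId", 0))
    integrity = str(event.get("IntegrityLevel", "Unknown"))
    alerts: list[Alert] = []
    # Rule 1: iexplore.exe (frame or tab process) spawning a script host.
    if parent == "iexplore.exe" and image in SCRIPT_HOSTS:
        alerts.append(Alert("browser_spawns_script_host", parent, image, pid, integrity))
    # Rule 2: splwow64.exe is a print-spooler helper; it is a legitimate child
    # of 32-bit applications but should never itself create new processes.
    if parent == "splwow64.exe":
        alerts.append(Alert("splwow64_spawns_child", parent, image, pid, integrity))
    return alerts


def scan(jsonl: str) -> list[Alert]:
    """Run evaluate() over newline-delimited JSON events, skipping blank lines."""
    alerts: list[Alert] = []
    for line in jsonl.splitlines():
        if line.strip():
            alerts.extend(evaluate(json.loads(line)))
    return alerts


# Constructed sample telemetry: one benign IE session (frame process, low-
# integrity tab, a spooler helper for printing) followed by two suspicious
# process creations that the rules should flag.
SAMPLE_EVENTS = "\n".join(json.dumps(e) for e in [
    {"ProcessId": 4120, "Image": "C:\\Program Files\\Internet Explorer\\iexplore.exe",
     "ParentImage": "C:\\Windows\\explorer.exe", "IntegrityLevel": "Medium"},
    {"ProcessId": 4188, "Image": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe",
     "ParentImage": "C:\\Program Files\\Internet Explorer\\iexplore.exe", "IntegrityLevel": "Low"},
    {"ProcessId": 4820, "Image": "C:\\Windows\\splwow64.exe",
     "ParentImage": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", "IntegrityLevel": "Medium"},
    {"ProcessId": 5004, "Image": "C:\\Windows\\System32\\cmd.exe",
     "ParentImage": "C:\\Windows\\splwow64.exe", "IntegrityLevel": "Medium"},
    {"ProcessId": 5044, "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "ParentImage": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", "IntegrityLevel": "Medium"},
])


if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(f"{alert.rule}: pid {alert.pid} {alert.parent} -> {alert.image} ({alert.integrity})")
```

Rule 2 is deliberately unconditional: the value of a behavioural rule lies in encoding what a component should never do, so that it catches a sandbox escape regardless of which vulnerability was used to get there. In a real deployment the event source would be Sysmon or an EDR process-creation feed rather than an embedded string, and the alert list would be forwarded to the SIEM.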