The global #cybersecurity network feed of security researchers protecting over 400 million people from new and emerging online threats.
Oct 19, 2021 • 5 tweets • 2 min read
#MagnitudeEK is now stepping up its game by using CVE-2021-21224 and CVE-2021-31956 to exploit Chromium-based browsers. This is an interesting development since most exploit kits are currently targeting exclusively Internet Explorer, with Chromium staying out of their reach.
CVE-2021-21224, a type confusion in V8, is used to compromise a renderer process. CVE-2021-31956, a Windows EoP, is used to escape the Chromium sandbox. This is the same combination of vulnerabilities that was suspected to be chained in the #PuzzleMaker attack.
We have found these attacks started at least in May 2020. We also attribute this campaign to Mustang Panda with moderate confidence. 1/8
We found multiple infected hosts with indications of malware used by Mustang Panda group. We also examined the archive found at hxxps://www.president-office.gov[.]mm/sites/default/files/font/All-in-One_Pyidaungsu_Font.zip. 2/8