Threat Groups SandCat, FruityArmor Exploiting Microsoft Win32k Flaw

[silversurfer]

Content source

https://threatpost.com/sandcat-fruityarmor-exploiting-microsoft-win32k/142751/

A newly-patched Microsoft Win32k vulnerability is being exploited in the wild by at least two threat actors, including a recently discovered advanced persistent threat (APT) group dubbed SandCat.

The exploited vulnerability (CVE-2019-0797), rated important, was patched on Tuesday as part of Microsoft’s regularly scheduled March security update. But Kaspersky Lab researchers said that the vulnerability is already being used by two APTs, SandCat and FruityArmor, to run arbitrary code on target systems.

SandCat is an APT that was discovered only recently, researchers Vasiliy Berdnikov and Boris Larin said in a Wednesday deep dive analysis of the vulnerability and its exploits.