New ‘MysterySnail’ exploit used to hijack Windows Server deployments



Cybersecurity researchers have helped neutralise a mysterious new Remote Access Trojan (RAT) that relied on a zero-day vulnerability in a Windows driver to escalate its privileges on the compromised machine.


Discovered and reported by Kaspersky, the zero-day exploited by the Trojan has been patched by Microsoft in the October 2021 Patch Tuesday release.

“The exploit had multiple debug strings from an old, publicly known exploit for the vulnerability CVE-2016-3309, but closer analysis revealed that it was a zero-day. We found that it was using a previously unknown vulnerability in the Win32k driver…” the researchers noted in their analysis.


Using the Trojan's code and its command-and-control (C2) infrastructure, the Kaspersky researchers, who named the malware MysterySnail, linked the attack to a Chinese threat actor known as IronHusky.

Zero-day exploitation

Analysis of the exploit revealed that it was written to attack not just the latest Windows 10 and Windows Server 2019 releases, but older versions as well, including ones that are no longer supported, going as far back as Windows Vista.

Further analysis of its malicious payload revealed similarities with several malware families previously used in extensive espionage operations against IT companies, military/defense contractors and diplomatic entities.

Two security specialists who spoke to Nerdshala Pro agreed that although zero-day attacks have unfortunately become a fact of life for enterprise security, businesses can minimise their losses with proactive monitoring.

“With OS and application vulnerabilities occurring almost daily, it is clear that attackers are working hard to discover new exploits. Monitoring for unusual activity is the only way to ensure that such breaches are caught and addressed quickly,” says Saryu Nayyar, CEO of security vendor Gurucul.

In addition, access review specialist YouAttest believes that thorough and regular reviews of identities will also help blunt privilege escalation exploits.

“Enterprises must practice identity protection and have alerts on privilege escalation and a regular review of identities to ensure the enterprise follows the principle of least privilege, to ensure that once a credential is compromised there are reasonable alerts and minimal damage happens,” believes Garrett Grezek, CEO, YouAttest.
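The advice above (alerting on privilege escalation, regular identity reviews and monitoring for unusual activity) is stated only in general terms. What follows is an added example, not code from the article or from Kaspersky, Gurucul or YouAttest, showing what such checks look like when run over Windows Security audit events: event 4672 (special privileges assigned to a new logon) and events 4728/4732 (member added to a security-enabled global/local group). The allow-list of approved admins, the group names, the host names, the sample events and the group-membership snapshot are all constructed for illustration, and the event dicts are a simplified form of what a log collector would hand over.

```python
"""Added example: privilege-escalation alerting and least-privilege review.

Not code from the article, Kaspersky, Gurucul or YouAttest. Allow-list, hosts,
events and the membership snapshot are constructed; event dicts are a
simplified shape of Windows Security audit records (e.g. Get-WinEvent output).
"""
from dataclasses import dataclass, field

# Assumed allow-list of accounts approved to hold administrative rights.
APPROVED_ADMINS = {"CORP\\itadmin", "CORP\\backup-svc"}

# Groups whose membership grants elevated rights (local and domain).
PRIVILEGED_GROUPS = {"Administrators", "Domain Admins", "Enterprise Admins",
                     "Remote Desktop Users"}

# Privileges that let a logon session bypass normal security boundaries.
SENSITIVE_PRIVILEGES = {"SeDebugPrivilege", "SeTcbPrivilege", "SeLoadDriverPrivilege",
                        "SeTakeOwnershipPrivilege", "SeBackupPrivilege",
                        "SeRestorePrivilege"}

EV_SPECIAL_PRIVS = 4672     # special privileges assigned to a new logon
EV_GLOBAL_GROUP_ADD = 4728  # member added to a security-enabled global group
EV_LOCAL_GROUP_ADD = 4732   # member added to a security-enabled local group


@dataclass
class Alert:
    event_id: int
    account: str
    host: str
    severity: str
    reasons: list = field(default_factory=list)


# Constructed sample events (simplified audit records).
SAMPLE_EVENTS = [
    {"EventID": 4672, "Computer": "DC01", "SubjectUserName": "CORP\\itadmin",
     "PrivilegeList": "SeDebugPrivilege SeTcbPrivilege"},
    {"EventID": 4672, "Computer": "SRV03", "SubjectUserName": "CORP\\jsmith",
     "PrivilegeList": "SeDebugPrivilege SeLoadDriverPrivilege"},
    {"EventID": 4732, "Computer": "SRV03", "SubjectUserName": "CORP\\jsmith",
     "TargetGroup": "Administrators", "MemberName": "CORP\\jsmith"},
    {"EventID": 4728, "Computer": "DC01", "SubjectUserName": "CORP\\itadmin",
     "TargetGroup": "Domain Admins", "MemberName": "CORP\\backup-svc"},
    {"EventID": 4624, "Computer": "SRV03", "SubjectUserName": "CORP\\jsmith"},
]


def detect_privilege_escalation(events):
    """Return one Alert per event that signals a privilege change worth a human look."""
    alerts = []
    for ev in events:
        eid = ev.get("EventID")
        actor = ev.get("SubjectUserName", "?")
        host = ev.get("Computer", "?")
        if eid == EV_SPECIAL_PRIVS:
            # 4672 fires for every privileged logon, so only alert when a
            # non-approved account receives a dangerous privilege.
            granted = set(ev.get("PrivilegeList", "").split()) & SENSITIVE_PRIVILEGES
            if granted and actor not in APPROVED_ADMINS:
                alerts.append(Alert(eid, actor, host, "high",
                                    [f"non-approved account received {sorted(granted)}"]))
        elif eid in (EV_GLOBAL_GROUP_ADD, EV_LOCAL_GROUP_ADD):
            group = ev.get("TargetGroup", "")
            member = ev.get("MemberName", "?")
            if group not in PRIVILEGED_GROUPS:
                continue
            # Every change to a privileged group is recorded; it is raised to
            # "high" when the new member is not on the allow-list or the actor
            # added their own account (a classic post-compromise move).
            reasons = [f"{member} added to {group} by {actor}"]
            severity = "medium"
            if member not in APPROVED_ADMINS:
                reasons.append("new member is not an approved admin")
                severity = "high"
            if member == actor:
                reasons.append("self-elevation: actor added their own account")
                severity = "high"
            alerts.append(Alert(eid, member, host, severity, reasons))
    return alerts


# Constructed snapshot of current group membership, as a periodic review collects it.
SAMPLE_MEMBERSHIP = {
    "Administrators": {"CORP\\itadmin", "CORP\\jsmith", "CORP\\svc-legacy"},
    "Domain Admins": {"CORP\\itadmin", "CORP\\backup-svc"},
    "Remote Desktop Users": {"CORP\\helpdesk"},
    "Print Operators": {"CORP\\printsvc"},   # not in PRIVILEGED_GROUPS, so ignored
}


def review_least_privilege(membership, approved=APPROVED_ADMINS):
    """Return {group: members} for privileged groups holding non-approved accounts."""
    violations = {}
    for group, members in membership.items():
        if group in PRIVILEGED_GROUPS:
            extra = set(members) - approved
            if extra:
                violations[group] = extra
    return violations


if __name__ == "__main__":
    for a in detect_privilege_escalation(SAMPLE_EVENTS):
        print(f"[{a.severity}] {a.event_id} {a.host} {a.account}: {'; '.join(a.reasons)}")
    for group, extra in review_least_privilege(SAMPLE_MEMBERSHIP).items():
        print(f"review: {group} has unapproved members {sorted(extra)}")
```

The two checks are deliberately separate: the detector is meant to run continuously against the event stream and page someone on a "high" alert, while the review runs on a schedule and catches accounts that were added quietly, or before logging was in place, and so never produced an event. Both depend on the allow-list being kept current; an allow-list nobody maintains turns every legitimate admin logon into noise and trains operators to ignore the real signal.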
