- A newly discovered malware is targeting Windows workstations, industrial control systems, and data acquisition devices.
- Threat actors utilize a known vulnerability in an ASRock-signed motherboard driver to infiltrate IT and OT systems.
- Once an IT or OT system is compromised, threat actors can move laterally through the network to target other systems.
Since Windows-based workstations are often used by IT departments and security admins, a compromised workstation presents a security risk to a wide range of devices. Threat actors could move laterally through a network if they gained access to systems with certain privileges.
"The actors can compromise Windows-based engineering workstations, which may be present in information technology (IT) or OT environments, using an exploit that compromises an ASRock motherboard driver with known vulnerabilities," explained CISA in its security advisory.
The attack takes advantage of a known vulnerability in an ASRock motherboard driver. A threat actor who exploits it can execute malicious code in the Windows kernel. Successfully doing so is the key to moving laterally within a network.
"The APT actors can use a tool that installs and exploits a known-vulnerable ASRock-signed motherboard driver, AsrDrv103.sys, exploiting CVE-2020-15368 to execute malicious code in the Windows kernel," explained CISA. "Successful deployment of this tool can allow APT actors to move laterally within an IT or OT environment and disrupt critical devices or functions."
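Because the tool has to install and load the driver before it can exploit it, the load itself is a detection point. The following is an added example, not code from CISA or the article: it triages Sysmon driver-load events (Event ID 6) for AsrDrv103.sys. It assumes events are already parsed into dictionaries with `EventID`, `Computer`, `ImageLoaded` and `Signature` keys; the expected driver directories, host names and signer strings are constructed for illustration.

```python
import ntpath

# Driver named in the CISA advisory quoted above (CVE-2020-15368).
VULNERABLE_DRIVER = "asrdrv103.sys"
# Assumption: legitimate drivers load from these directories on the monitored hosts.
EXPECTED_DIRS = (r"c:\windows\system32\drivers", r"c:\windows\system32\driverstore")


def classify_driver_load(event):
    """Return (severity, reason) for one Sysmon Event ID 6 (DriverLoad) record, or None."""
    if event.get("EventID") != 6:
        return None
    image = event.get("ImageLoaded", "")
    # ntpath parses Windows paths correctly whatever OS the analysis runs on.
    name = ntpath.basename(image).lower()
    folder = ntpath.dirname(image).lower()
    signer = event.get("Signature", "").lower()

    if name == VULNERABLE_DRIVER:
        return ("high", "known-vulnerable ASRock driver loaded by name")
    # A renamed copy keeps its embedded signature, so also flag ASRock-signed
    # drivers loaded from outside the expected directories (heuristic).
    if "asrock" in signer and not folder.startswith(EXPECTED_DIRS):
        return ("medium", "ASRock-signed driver loaded from unusual path")
    return None


def triage(events):
    """Yield (host, image, severity, reason) for every flagged event."""
    for ev in events:
        verdict = classify_driver_load(ev)
        if verdict:
            yield (ev.get("Computer"), ev.get("ImageLoaded"), *verdict)


# Constructed sample events; hosts, paths and signer strings are illustrative.
SAMPLE_EVENTS = [
    {"EventID": 6, "Computer": "eng-ws-01", "ImageLoaded": r"C:\Users\Public\AsrDrv103.sys", "Signature": "ASRock Incorporation"},
    {"EventID": 6, "Computer": "eng-ws-02", "ImageLoaded": r"C:\ProgramData\tmp\helper.sys", "Signature": "ASRock Incorporation"},
    {"EventID": 6, "Computer": "eng-ws-03", "ImageLoaded": r"C:\Windows\System32\drivers\disk.sys", "Signature": "Microsoft Windows"},
    {"EventID": 1, "Computer": "eng-ws-03", "ImageLoaded": r"C:\Temp\AsrDrv103.sys", "Signature": ""},
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print(hit)
```

On hosts that legitimately run ASRock utilities the name match will also fire, so pair the alert with an inventory of machines where the driver is expected.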