Newly discovered malware targets Windows-based workstations!


flashh4
  • A newly discovered malware is targeting Windows workstations, industrial control systems, and data acquisition devices.
  • Threat actors utilize a known vulnerability in an ASRock-signed motherboard driver to infiltrate IT and OT systems.
  • Once an IT or OT system is successfully attacked, threat actors can laterally work through a network to target other systems.
Windows workstations are under threat from a newly discovered type of malware. According to a joint cybersecurity advisory by the Department of Energy (DOE), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI), the malware can compromise Windows-based engineering workstations. The same malware is also a threat to industrial control systems and data acquisition devices.

Since Windows-based workstations are often used by IT departments and security admins, being compromised presents a security risk to a wide range of devices. Threat actors could move laterally through a network if they gained access to systems with certain privileges.

"The actors can compromise Windows-based engineering workstations, which may be present in information technology (IT) or OT environments, using an exploit that compromises an ASRock motherboard driver with known vulnerabilities," explained CISA in its security advisory.

The attack takes advantage of a known exploit in an ASRock motherboard driver. If a threat actor utilizes this exploit, they can execute malicious code in the Windows kernel. Successfully doing so is the key to moving laterally within a network.

"The APT actors can use a tool that installs and exploits a known-vulnerable ASRock-signed motherboard driver, AsrDrv103.sys, exploiting CVE-2020-15368 to execute malicious code in the Windows kernel," explained CISA. "Successful deployment of this tool can allow APT actors to move laterally within an IT or OT environment and disrupt critical devices or functions."

Chuck
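An added example, not code from the advisory or from the forum post: the check a defender would run on a Windows workstation after reading this. It looks for the driver the advisory names (AsrDrv103.sys) as a registered kernel service, as a file on disk, and in Sysmon driver-load events. The search directories and the Sysmon log name (Sysmon's default) are assumptions; run it in an elevated PowerShell session.

```powershell
# Added example (not from the CISA advisory or the forum post).
# Looks for the known-vulnerable ASRock driver named in the post on this host.
# Assumptions: elevated session; Sysmon installed with its default log name.
$driverName = 'AsrDrv103.sys'
$findings   = [System.Collections.Generic.List[object]]::new()

# 1. Kernel driver services whose image path references the driver (loaded or not)
Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName -like "*$driverName*" } |
    ForEach-Object {
        $detail = "$($_.Name) state=$($_.State) start=$($_.StartMode) path=$($_.PathName)"
        $findings.Add([pscustomobject]@{ Source = 'Win32_SystemDriver'; Detail = $detail })
    }

# 2. Copies of the driver file in common locations (assumed list), with signer and hash
$roots = @("$env:SystemRoot\System32\drivers", "$env:SystemRoot\Temp", "$env:TEMP")
foreach ($root in $roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    Get-ChildItem -LiteralPath $root -Filter $driverName -File -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig    = Get-AuthenticodeSignature -FilePath $_.FullName
            $hash   = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
            $detail = "$($_.FullName) sha256=$hash signer=$($sig.SignerCertificate.Subject) status=$($sig.Status)"
            $findings.Add([pscustomobject]@{ Source = 'File'; Detail = $detail })
        }
}

# 3. Sysmon Event ID 6 (DriverLoad) entries naming the driver, if the Sysmon log exists
try {
    Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 6 } -ErrorAction Stop |
        Where-Object { $_.Message -match [regex]::Escape($driverName) } |
        ForEach-Object {
            $image = ($_.Message -split "`r?`n" | Where-Object { $_ -like 'ImageLoaded:*' }) -join ' '
            $findings.Add([pscustomobject]@{ Source = 'Sysmon/6'; Detail = "$($_.TimeCreated) $image" })
        }
} catch {
    Write-Verbose "Sysmon operational log not readable: $($_.Exception.Message)"
}

# Any hit means the driver is present or has been loaded and the host needs investigation
if ($findings.Count -eq 0) {
    Write-Output "No trace of $driverName found on $env:COMPUTERNAME."
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

A legitimately installed ASRock utility can also leave this driver on disk, so a file hit alone is a prompt to verify provenance and remove the driver, not proof of compromise.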
Scary stuff. Rapidly changing world.

Thank you for the information, Chuck. (y)