PuzzleMaker Cluster Attacks Companies with 0-Day Vulnerabilities in Chrome and Windows 10
Kaspersky Lab specialists announced that a new group, PuzzleMaker, is attacking companies around the world. The targeted attacks exploit a chain of zero-day vulnerabilities in the Google Chrome browser and Windows 10.
According to the researchers, the new PuzzleMaker group is behind the campaign, and the first attacks were discovered in mid-April 2021. The chain of vulnerabilities exploited in the attacks includes a remote code execution issue in the Google Chrome V8 JavaScript engine (Kaspersky Lab was unable to obtain a full exploit for this vulnerability).
We also investigated two vulnerabilities in Windows – CVE-2021-31955 (information disclosure in the Windows kernel) and CVE-2021-31956 (privilege escalation in Windows NTFS). Microsoft fixed both issues as part of its June Patch Tuesday.
Attackers gained access to the target system through a vulnerability in Chrome and then exploited CVE-2021-31955 and CVE-2021-31956 to compromise Windows.
According to experts, PuzzleMaker used the Windows Notification Facility (WNF) in conjunction with the exploitation of CVE-2021-31956 to execute malicious modules on the system.
Let me remind you that we wrote that most of the exploits for 0-day vulnerabilities are developed by private companies.