Magniber ransomware actors exploiting Microsoft zero day
Magniber ransomware actors are actively exploiting another Microsoft SmartScreen zero-day vulnerability, according to new research by Google’s Threat Analysis Group.
In a blog post on Tuesday, Google detailed the flaw, tracked as CVE-2023-24880, which attackers are leveraging to bypass security warnings that indicate a user is about to download a potentially malicious file. First identified in 2017, the Magniber ransomware gang is known for targeting victims primarily located in South Korea by seeking out individual PCs rather than large organizations’ networks.
Google TAG researchers observed Magniber actors exploiting the flaw by sending malicious MSI files signed with an invalid but specially crafted Authenticode signature that bypasses SmartScreen security warnings for untrusted files. Google reported its findings, which revealed Magnib …