Security researchers at Check Point have identified the developers of specific Windows zero-day exploits using a new technique for tracking exploit developers' activity. The researchers attributed 16 Windows kernel local privilege escalation (LPE) exploits to two exploit developers known as Volodya (also known as BuggiCorp) and PlayBit (also known as luxor20080).
More from Check Point:
- The technique focuses on building "fingerprints" of exploit authors from distinctive traits of their code, such as the way the exploit is written and implemented.
- Volodya's clients include authors of banking trojans such as Ursnif, authors of ransomware such as GandCrab, Cerber, and Magniber, and APT groups such as Turla, APT28, and Buhtrap.
- The Check Point researchers encouraged other researchers to use the technique to identify additional exploit writers.