The IronHusky APT hacking group exploited a zero-day use-after-free (UAF) vulnerability in the Win32k kernel driver. While the “MysterySnail” exploit could target Windows client versions, it has only been discovered on Windows Server systems.
- The MysterySnail RAT was designed to collect and exfiltrate system information from infected hosts.
- The RAT can perform various tasks, including launching or terminating processes and interacting with command shells and proxy servers.
- Variants of the malware have been detected in an espionage campaign against IT companies, defense contractors, and diplomatic entities.
- Microsoft patched the vulnerability as part of October’s Patch Tuesday.