Project Hyphae

Windows Zero-Day being exploited in Ransomware Attacks

Share This Post

CISA added CVE-2023-28252, a Windows zero-day vulnerability in the Common Log File System (CLFS), to its catalog of Known Exploited Vulnerabilities yesterday. This flaw was first discovered in February. It’s noted that this vulnerability is currently being actively exploited by cybercriminals across small and medium-sized businesses in the Middle East and North America. Threat actors have been monitored escalating privileges and deploying ransomware payloads, particularly Nokoyama.

Nokoyama ransomware first surfaced in February of 2022 and was viewed as one of several offshoots of JSWorm. Since then, it has used CLFS system flaws similar to CVE-2023-28252, including in 64-bit Windows systems, to perpetrate double extortion attacks with victims’ stolen data.

Microsoft patched this zero-day and 96 other bugs, including 45 remote code execution vulnerabilities, as part of April’s Patch Tuesday, Full details on yesterday’s patches can be found here:

More To Explore

Information Security News 6-5-2023

‘Picture-in-Picture’ Obfuscation Spoofs Delta, Kohl’s for Credential Harvesting Article Link: NSA and FBI: Kimsuky Hackers Pose as Journalists to Steal Intel Article Link:

Do You Want to Shore Up Your Defenses?

We're opening our first round of threat hunting engagements to 100 organizations. Sign up or join the wait list here.