
Windows Zero-Day Exploited in Nokoyawa Ransomware Attacks

Kaspersky reported that Microsoft’s April 2023 Patch Tuesday updates successfully addressed a Windows zero-day vulnerability that was previously being exploited by cybercriminals in ransomware attacks.

The vulnerability, identified as CVE-2023-28252, is a privilege escalation flaw affecting the Windows Common Log File System (CLFS) driver. Microsoft warned that the flaw has been exploited in the wild, but did not provide any details about the attacks.

Kaspersky revealed that a cybercrime group known for its ransomware operations has been exploiting CVE-2023-28252 in attacks aiming to deliver the Nokoyawa ransomware. This ransomware family, designed to target Windows systems, emerged in February 2022; it encrypts files on compromised systems and steals valuable information, which its operators threaten to leak unless a ransom is paid.

The Nokoyawa ransomware is believed to be related to the Karma and Nemty ransomware families, as well as the notorious Hive ransomware operation, which was disrupted by law enforcement earlier this year. Kaspersky plans to release additional information about the vulnerability nine days after Patch Tuesday.

In the past five years, dozens of CLFS vulnerabilities have been discovered, including at least three that were exploited in the wild. Microsoft urged users to patch their systems as soon as possible.

Key Points:

  • Microsoft’s April 2023 Patch Tuesday updates fixed a Windows zero-day vulnerability, CVE-2023-28252, which has been exploited by cybercriminals in ransomware attacks.
  • Kaspersky revealed that a cybercrime group has been exploiting the vulnerability in attacks aiming to deliver the Nokoyawa ransomware.
  • The Nokoyawa ransomware is believed to be related to the Karma, Nemty, and Hive ransomware families.
  • Dozens of CLFS vulnerabilities have been discovered in the past five years, and at least three of them have been exploited in the wild.
  • Microsoft urged users to patch their systems as soon as possible.
