Last Updated on 22/11/2021 by Sunaina
The Magniber ransomware organisation has changed its assault strategy and has been abusing two Internet Explorer (IE) flaws. Furthermore, the gang is using malicious advertisements to infect consumers and encrypt devices.
According to analysts, Magniber is now only targeting siаn companies and organisations.
CVE-2021-26411 and CVE-2021-40444 are the two exploited IE vulnerabilities, each having a severity score of 8.8. The first weakness (CVE-2021-26411) is a memory corruption problem caused by visiting а specially designed website. In Mаrch, the flaw was corrected. The second flaw (CVE-2021-40444) is a remote code execution flaw in Internet Explorer’s rendering engine. When a malicious document is opened, the bug is activated. Before it was repaired, attackers used this issue as а zero-day.
The Magniber gang is well-known for exploiting vulnerabilities in order to target computers and spread malware. The Cybereason GSOC Team disclosed in September that a current version of the Magniber ransomware was exploiting a remote code execution issue in Windows Print Spooler (CVE-2021-34527). Mаgniber used PrintNightmare vulnerabilities (CVE-2021-1675, CVE-2021-34527, and CVE-2021-36958) to breach Windows systems in August.
The Magniber ransomware organisation is currently working on exploiting Internet Explorer vulnerabilities and is anticipated to do so in the future. As a result, experts advise that exploitable flaws in web browsers be addressed as soon as possible. Furthermore, enterprises should be aware of the risks connected with end-of-life software and upgrade their infrastructure on a regular basis.