
Zero-day Windows exploit used in espionage campaign

By Dylan Bushell-Embling
Monday, 15 July, 2019


A newly discovered zero-day Windows vulnerability is being used in highly targeted cyber-espionage attacks in Eastern Europe, according to security company ESET.

The local privilege escalation vulnerability affects Windows 7 and Windows Server 2008 and is being exploited by the well-known Buhtrap group, according to ESET, which discovered the exploit in use.

Buhtrap is infamous for targeting financial institutions and businesses in Russia, but appears to have pivoted towards conducting cyber espionage. This is also the first time ESET researchers have observed Buhtrap using a zero-day exploit in an attack campaign.

The exploit manipulates pop-up menu objects to trigger a NULL pointer dereference in win32k.sys, the kernel-mode component of the Windows GUI subsystem, on unpatched Windows 7 Service Pack 1 and Windows Server 2008 systems. A NULL pointer dereference in kernel code is exploitable for privilege escalation on these versions because an unprivileged process can still map the page at virtual address zero and place attacker-controlled data there; Windows 8 and later prevent user-mode processes from mapping the NULL page, closing that path.

Microsoft has already released a patch for the vulnerability after it was reported to the Microsoft Security Response Center.
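The article does not name the update, but a defender's first question is which hosts are still in the affected families and whether they have received anything since the fix shipped. The script below is an added example, not ESET's or the article's code: run from an administrator's workstation, it queries each host over WMI, flags Windows 7 / Server 2008 family systems (NT 6.0 and 6.1), and reports the date of the newest installed hotfix. The cutoff date is an assumption taken from the article's 15 July 2019 date: a host whose newest hotfix predates July 2019 cannot have the fix, while a newer date is only a prompt to confirm the specific update in your patch-management system.

```powershell
# Added example (not from the article or ESET). Assumed: the list of hosts and
# the $PatchCutoff date, chosen because the article (15 July 2019) states the
# patch was already available; July 2019 is therefore the earliest it could be.
param(
    [string[]]$ComputerName = @($env:COMPUTERNAME),
    [datetime]$PatchCutoff = [datetime]'2019-07-01'
)

foreach ($computer in $ComputerName) {
    try {
        # Get-WmiObject (DCOM) rather than Get-CimInstance (WSMan): Windows 7 and
        # Server 2008 hosts often lack WMF 3+ and a WinRM listener.
        $os = Get-WmiObject -Class Win32_OperatingSystem -ComputerName $computer -ErrorAction Stop
    } catch {
        Write-Warning "${computer}: WMI query failed: $($_.Exception.Message)"
        continue
    }

    # NT 6.0 = Vista / Server 2008; NT 6.1 = Windows 7 / Server 2008 R2.
    # Anything newer is outside the families the article names.
    $affected = $os.Version -match '^6\.(0|1)\.'
    if (-not $affected) {
        [pscustomobject]@{
            Computer    = $computer
            OS          = $os.Caption
            Affected    = $false
            LastHotfix  = $null
            NeedsReview = $false
        }
        continue
    }

    # Newest installed hotfix by date; entries without a date are ignored.
    $hotfixes = Get-HotFix -ComputerName $computer -ErrorAction SilentlyContinue |
        Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn -Descending
    $last = if ($hotfixes) { $hotfixes[0].InstalledOn } else { $null }

    [pscustomobject]@{
        Computer    = $computer
        OS          = "$($os.Caption) SP$($os.ServicePackMajorVersion)"
        Affected    = $true
        LastHotfix  = $last
        # No hotfix at all, or newest one older than the cutoff: the fix cannot
        # be present. A newer date is not proof it is; confirm the KB separately.
        NeedsReview = (-not $last) -or ($last -lt $PatchCutoff)
    }
}
```

Pipe the output to `Where-Object NeedsReview` to get the list of hosts to act on first. Hosts that fail the WMI query are reported as warnings rather than silently dropped, since an unreachable Windows 7 box is exactly the kind of machine that tends to miss patches.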

ESET first observed Buhtrap malware on the networks of government institutions in December 2015, a few months before the malware's source code was leaked online. ESET researcher Jean-Ian Boutin said this timing led the company to conclude that Buhtrap has expanded its targeting to include espionage in Eastern Europe and Central Asia.

“It’s always difficult to attribute a campaign to a particular actor when their tools’ source code is freely available on the web. However, as the shift in target occurred before the source code leaked, ESET assessed with high confidence that the same people behind the first Buhtrap malware attacks against businesses and banks are also involved in the targeting of governmental institutions,” he said.

“It’s unclear if one or several members of this group decided to change focus and for what reasons, but it is definitely something that we are likely to see more of going forward.”



