Nokoyawa ransomware attacks with Windows zero-day
In February 2023, Kaspersky technologies detected a number of attempts to execute similar elevation-of-privilege exploits on Microsoft Windows servers belonging to small and medium-sized businesses in the Middle East, North America, and Asia. The group behind these attempts is notable for its use of a large number of similar but unique Common Log File System (CLFS) driver exploits that were likely developed by the same exploit author. The malware associated with these attacks is CobaltStrike, JSWorm, PuzzleMaker, and MysterySnail. Solutions for preventing these attacks include hybrid cloud security, internet of things and embedded security, threat management and defense, industrial cybersecurity, and fraud prevention.

CVEs: CVE-2022-24521, CVE-2022-37969, CVE-2023-23376, CVE-2023-28252

Malware: CobaltStrike, JSWorm, Nokoyawa

[View Article](https://securelist.com/nokoyawa-ransomware-attacks-with-windows-zero-day/109483/)