Russian Hackers Exploit NTLM Vulnerability in Ukraine Cyber Attacks
Russian hackers exploit new NTLM flaw in cyber attacks against Ukraine. A recently patched vulnerability in Windows NT LAN Manager (NTLM), identified as CVE-2024-43451, has been exploited by a suspected Russia-linked actor to target Ukraine. The flaw allows attackers to steal NTLMv2 hashes through minimal user interaction with malicious files, leading to the deployment of the Spark RAT malware. The Computer Emergency Response Team of Ukraine (CERT-UA) has linked these activities to a threat actor known as UAC-0194, highlighting the ongoing risks posed by phishing attacks and the potential for rapid financial theft.