
Cyber Espionage, IronHusky targets Defense and IT companies with MysterySnail

Kaspersky: IronHusky targets Defense and IT companies with MysterySnail for cyber espionage purposes. The Chinese APT exploits the CVE-2021-40449 zero-day vulnerability in the Win32k kernel driver and uses the malware to escalate privileges.

IronHusky, a Chinese APT, is attacking Defense and IT companies with MysterySnail, which is spread by means of a zero-day vulnerability in the Windows Win32k kernel driver. The discovery was made by Kaspersky cybersecurity experts. The goal is cyber espionage through the malware and the CVE-2021-40449 flaw. MysterySnail, a RAT, is designed to collect and exfiltrate system information from compromised hosts before reaching out to its command-and-control server for further commands. It can perform various tasks on infected machines, ranging from spawning new processes and killing already running ones to launching interactive shells and starting a proxy server with support for up to 50 simultaneous connections.
