Operation Buhtrap Zero-Day

The campaign used a zero-day privilege escalation vulnerability in Microsoft Windows to carry out attacks against government institutions. The threat actor behind the operation used decoy documents to install malicious software to steal sensitive information including contact information and passwords. Additional malware installed included backdoors and a Meterpreter reverse shell.