Operation Earth Kitsune
Multiple vulnerabilities classified under CVE-2019-5782, CVE-2020-0674, CVE-2016-0189¸ and CVE-2019-1458 are being used to redirect users to malicious websites and drop a backdoor onto the victim's system. The flaws lie in Google Chrome, Microsoft Internet Explorer, and the Windows operating system. The malware collects and exfiltrates a range of data including system information, network configuration, screenshots, and network connections. The threat actor behind the attacks is using compromised websites and the Mattermost open-source online chat service as command and control servers.