A zero-day elevation-of-privilege vulnerability in the Windows Common Log File System (CLFS) driver, tracked as CVE-2025-29824, has been exploited against targets in several sectors across multiple countries. The exploit was delivered by the PipeMagic malware and is attributed to Storm-2460; it gives the attacker elevated privileges on the host, which are then used to deploy ransomware. Post-exploitation activity includes credential theft, clearing of Windows event logs (T1070.001) and file encryption. Microsoft has released a security update for the vulnerability. Recommended mitigations are applying that update, enabling cloud-delivered protection and turning on additional hardening features. The underlying report provides multiple detection methods and hunting queries for identifying and responding to this activity; they are not reproduced in this summary.
Author: AlienVault
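As an added example (not part of the AlienVault pulse or the underlying report, whose own hunting queries are not reproduced here), the PowerShell below performs two checks a responder would run on an in-scope Windows host: it confirms that Microsoft Defender cloud-delivered protection is enabled, one of the mitigations named above, and it hunts for cleared Windows event logs, the T1070.001 behaviour the pulse tags. The cmdlets and event IDs are the standard Defender and Windows ones; the function names, the 30-day lookback and the pass/fail rule are assumptions made for this example.

```powershell
# Added example, not code from the pulse or the original report.
# Requires an elevated PowerShell session on the host being checked.

function Test-CloudDeliveredProtection {
    # Reads the Defender settings that back "cloud-delivered protection".
    $pref   = Get-MpPreference
    $status = Get-MpComputerStatus
    [pscustomobject]@{
        # MAPSReporting: 0 = Disabled, 1 = Basic, 2 = Advanced
        MAPSReporting        = $pref.MAPSReporting
        # SubmitSamplesConsent: 0 = AlwaysPrompt, 1 = SendSafeSamples, 2 = NeverSend, 3 = SendAllSamples
        SubmitSamplesConsent = $pref.SubmitSamplesConsent
        RealTimeProtection   = $status.RealTimeProtectionEnabled
        # Pass/fail rule is an assumption: cloud lookups on and real-time protection on.
        CloudProtectionOk    = ($pref.MAPSReporting -ne 0) -and $status.RealTimeProtectionEnabled
    }
}

function Find-ClearedEventLogs {
    # Hunts for log clearing (ATT&CK T1070.001):
    #   Security 1102 - "The audit log was cleared"
    #   System   104  - any other log cleared (wevtutil cl, Clear-EventLog)
    param([int]$Days = 30)   # lookback window; assumption for this example
    $since = (Get-Date).AddDays(-$Days)
    $filters = @(
        @{ LogName = 'Security'; Id = 1102; StartTime = $since },
        @{ LogName = 'System';   Id = 104;  StartTime = $since }
    )
    foreach ($f in $filters) {
        # -ErrorAction SilentlyContinue: Get-WinEvent throws when no events match.
        Get-WinEvent -FilterHashtable $f -ErrorAction SilentlyContinue |
            ForEach-Object {
                [pscustomobject]@{
                    TimeCreated = $_.TimeCreated
                    Log         = $f.LogName
                    EventId     = $_.Id
                    User        = $_.UserId
                    Summary     = ($_.Message -split "`n")[0]
                }
            }
    }
}

$cloud = Test-CloudDeliveredProtection
$cloud | Format-List
if (-not $cloud.CloudProtectionOk) {
    Write-Warning 'Cloud-delivered protection is not fully enabled. To enable it: Set-MpPreference -MAPSReporting Advanced -SubmitSamplesConsent SendAllSamples'
}

$cleared = Find-ClearedEventLogs -Days 30
if ($cleared) {
    Write-Warning 'Event-log clearing found; treat the host as suspect and pivot to EDR/forwarded logs.'
    $cleared | Format-Table -AutoSize
} else {
    'No event-log clearing recorded in the lookback window.'
}
```

A hit on 1102 or 104 is only useful if the logs survived; if the attacker cleared them, the clearing event itself is usually the last entry, so correlate with logs forwarded off the host (Windows Event Forwarding or the EDR) rather than trusting the local store alone.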
Related Tags:
clfs
RansomEXX
PipeMagic
Real Estate
T1070.001
Zero-Day
Venezuela, Bolivarian Republic of
Information Technology
Spain
Associated Indicators:
jbdg4buq6jd7ed3rd6cynqtq5abttuekjnxqrqyvk4xam5i7ld33jvqd.onion