12 May 2016

According to information, published by FireEye, more than 100 companies in North America fell victim to a spear phishing campaign. The primary targets were companies from retail, restaurants and hotel industries. Hackers were sending out spam messages containing Microsoft Word document with malicious macro. Once open, the macro downloaded and executed malicious file PUNCHBUGGY (FireEye terminology).

The hacking campaign was carefully managed and financially motivated. The attackers used zero-day privilege escalation vulnerability in Microsoft Windows (CVE-2016-0167), patched last month by the vendor. After successful security breach the attackers elevated privileges on the system and gained control over network devices, such as POS terminals.

CVE-2016-0167 is a local privilege escalation vulnerability, which can be used to gain SYSTEM access on vulnerable computer. This vulnerability was patched during April’s Patch Tuesday in security bulletin MS16-062.