Security researchers have spotted a new exploit from hacktivist group DragonForce Malaysia capable of performing local privilege escalation (LPE) on Windows servers and local distribution router (LDR) actions on Indian servers.
The attack was illustrated in a proof-of-concept (PoC) video earlier this month. DragonForce Malaysia announced plans to convert into a ransomware group in the same video.
CloudSEK researchers said that they used the company’s contextual artificial intelligence digital risk monitoring platform, XVigil, to identify a post on a Telegram channel where the hacktivist group shared the video describing the exploit.
The pro-Palestinian hacktivist group is based in Malaysia and attributed the new exploit to a threat actor named “impossible1337”.
To mitigate the impact of the new vulnerability, researchers advised patching Windows servers by updating all software to the latest available version or, alternatively, applying the latest workarounds provided by the vendor.
In combination with other hacktivists, the threat group has successfully filled the void left by Anonymous while remaining independent during the resurgence of hacktivists related to the Russian/Ukrainian war.
Not all vulnerabilities can be exploited, meaning not every vulnerability requires immediate attention. Several LPE vulnerabilities have other dependencies, such as needing a username and password to carry out the attack.
This research was conducted and documented by the firm CloudSEK.