Blog | G5 Cyber Security

Windows Zero-Day Used by Buhtrap Group For Cyber-Espionage

The Buhtrap hacking group has shifted its targets away from financial businesses and institutions since December 2015, when it moved into cyber-espionage operations. Group-IB and ESET researchers say the hacker group’s attacks were only detected one year later, in 2015, when it started going after more high-profile victims like financial institutions. The Windows local privilege escalation 0-day vulnerability tracked as CVE-2019-1132 was fixed by Microsoft during this month’s Patch Tuesday. It allowed the cyber-crime group to run arbitrary code in kernel mode after successful exploitation.

Source: https://www.bleepingcomputer.com/news/security/windows-zero-day-used-by-buhtrap-group-for-cyber-espionage/
