May 5, 2025
Windows Zero Day exploited by North Korean hackers

August 20, 2024

The recent Windows zero-day was exploited by Lazarus, a hacker group backed by the North Korean government, allowing them to install advanced malware.

A Windows zero day (CVE-2024-38193) recently patched by Microsoft was reported to have been exploited by a hacker group working on behalf of the North Korean government. This was discovered by researchers at Gen, the security company that noticed the vulnerability and reported it to Microsoft. The zero day allowed these malicious actors to install custom malware known as a rootkit, a type of malware that penetrates deep into the operating system. This sophisticated malware would cost hundreds of thousands of dollars on the black market.

Lazarus

Microsoft issued a warning at the time that the vulnerability, described as CVE-2024-38193, was being actively exploited. The company did not provide any details at the time about who was behind the attack or what its purpose was. Researchers at security firm Gen found that the malicious parties were part of Lazarus, a hacker group acting on behalf of the North Korean government.

“In early June, Luigino Camastra and Milanek discovered that the Lazarus group was exploiting a hidden vulnerability in a critical part of Windows called the AFD.sys driver. This vulnerability allowed them to gain unauthorized access to sensitive system areas. We also found that they were using a special type of malware called Fudmodule to hide their activities from security software,” the researchers said in a blog.

Rootkit

“FudModule” is a type of malware known as a rootkit. A rootkit penetrates deep into the operating system and can hide its files, processes, and other internal workings from the operating system itself. In order for rootkits to do their work, they must first gain system privileges and then communicate directly with the kernel, the area of an operating system dedicated to its most sensitive functions.

The rootkit used, “FudModule”, was installed using a technique called “Bring your own vulnerable driver”, which involves installing a legitimate, signed driver with known vulnerabilities and abusing it to gain access to the kernel. “This type of attack is both sophisticated and ingenious and could cost hundreds of thousands of dollars on the black market,” the researchers said.
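Because a BYOVD attack relies on a legitimately signed but vulnerable driver, the defender's first questions are whether Windows is configured to block known-vulnerable drivers (the Microsoft vulnerable driver blocklist and hypervisor-protected code integrity) and which kernel drivers are actually loaded right now. The PowerShell script below is an added example, not code from the article or from the Gen researchers. It assumes it is run as Administrator on a Windows host; the `$BlockedDriverHashes` list is a constructed placeholder to be replaced with hashes from your own driver-block policy, and the registry value names are the documented Windows settings for the two protections.

```powershell
# Added example (not from the article): triage a Windows host for BYOVD exposure.
# Assumptions: run elevated; the hash list below is a constructed placeholder.

# Constructed placeholder: SHA-256 hashes of driver files your organisation blocks.
# Replace with real values from your driver-block policy or threat intelligence.
$BlockedDriverHashes = @(
    '0000000000000000000000000000000000000000000000000000000000000001'
)

function Get-DriverProtectionStatus {
    # VulnerableDriverBlocklistEnable (DWORD, 1 = on) is Microsoft's built-in blocklist switch.
    $ci = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config' `
                           -ErrorAction SilentlyContinue
    # HVCI "Enabled" (DWORD, 1 = on) enforces code integrity for kernel-mode code.
    $hvci = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity' `
                             -ErrorAction SilentlyContinue
    [pscustomobject]@{
        VulnerableDriverBlocklist = [bool]($ci.VulnerableDriverBlocklistEnable -eq 1)
        HvciEnabled               = [bool]($hvci.Enabled -eq 1)
    }
}

function Get-LoadedDriverReport {
    param([string[]]$BlockedHashes = $BlockedDriverHashes)

    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.State -eq 'Running' -and $_.PathName } |
        ForEach-Object {
            # PathName may carry a \??\ or \SystemRoot\ prefix; normalise to a file path.
            $path = $_.PathName -replace '^\\\?\?\\', '' `
                                -replace '^\\SystemRoot\\', "$env:SystemRoot\"
            if (-not (Test-Path -LiteralPath $path)) { return }

            $sig  = Get-AuthenticodeSignature -FilePath $path
            $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash

            [pscustomobject]@{
                Name        = $_.Name
                Path        = $path
                Signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }
                SigStatus   = $sig.Status
                Sha256      = $hash
                OnBlocklist = ($BlockedHashes -contains $hash)
            }
        }
}

# Report: platform protections first, then any loaded driver worth a closer look.
$status = Get-DriverProtectionStatus
Write-Host "Vulnerable driver blocklist enabled: $($status.VulnerableDriverBlocklist)"
Write-Host "HVCI enabled:                        $($status.HvciEnabled)"

$report = Get-LoadedDriverReport
$suspect = $report | Where-Object { $_.OnBlocklist -or $_.SigStatus -ne 'Valid' }

if ($suspect) {
    Write-Host "`nLoaded drivers that are blocklisted or not validly signed:"
    $suspect | Format-Table Name, SigStatus, Signer, OnBlocklist, Path -AutoSize
} else {
    Write-Host "`nNo loaded driver matched the blocklist or failed signature validation."
}
```

A driver that passes signature validation is not thereby safe, which is the whole point of BYOVD: the script's hash check against a maintained blocklist, together with the two platform switches, is what catches a known-vulnerable but validly signed driver. Run it periodically and diff the driver inventory against a known-good baseline so a newly loaded driver stands out.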

Microsoft has released a patch to fix these vulnerabilities and the company recommends that users prioritize updating their systems.

Source: IT Daily
