Lazarus Group Exploits Windows Zero-Day Flaw, Targets Cryptocurrency and Aerospace Sectors
August 20, 2024

The Lazarus Group, a North Korean state-sponsored hacking organization, has exploited a newly patched security flaw in Microsoft Windows, identified as a zero-day vulnerability.
This vulnerability, tracked as CVE-2024-38193, has a CVSS score of 7.8 and is classified as a privilege escalation bug in the Windows Ancillary Function Driver (AFD.sys) for WinSock.
Researchers Luigino Camastra and Milanek discovered the flaw, which enables unauthorized access to sensitive system areas.
The vulnerability allows attackers to bypass security restrictions and gain SYSTEM privileges, providing access to critical system areas typically off-limits to users and administrators.
The exploit targeted individuals in sensitive fields such as cryptocurrency and aerospace, demonstrating the advanced attack strategies employed by the Lazarus Group.
Attacks linked to this vulnerability involved the use of a rootkit known as FudModule to evade detection.
FudModule is delivered via a remote access trojan known as Kaolin RAT, used by Lazarus to maintain stealth in their operations.
Microsoft addressed this vulnerability in its August 2024 Patch Tuesday security updates, which were crucial as the flaw was actively exploited in cyber attacks.
With the exposure of their admin-to-kernel zero-day, Lazarus's ability to bypass security has been significantly diminished.
Some researchers believe that the funds stolen by the Lazarus Group are being used to support North Korea's state operations and weapons programs.
The Lazarus Group is notorious for cyberattacks, including a high-profile incident that resulted in the theft of approximately $600 million from a cryptocurrency project.
Summary based on 4 sources
Sources

- TechRadar pro, Aug 19, 2024: Microsoft patches Windows security flaw exploited by North Korean hackers — but is it too late?
- The Hacker News, Aug 19, 2024: Microsoft Patches Zero-Day Flaw Exploited by North Korea's Lazarus Group
- SecurityWeek, Aug 19, 2024: Windows Zero-Day Attack Linked to North Korea's Lazarus APT
- Security Affairs, Aug 19, 2024: Microsoft Zero-Day CVE-2024-38193 was exploited by North Korea-linked Lazarus APT