Lazarus Group Exploits Windows Zero-Day Flaw, Targets Cryptocurrency and Aerospace Sectors

August 20, 2024
  • The Lazarus Group, a North Korean state-sponsored hacking organization, has exploited a newly patched security flaw in Microsoft Windows, identified as a zero-day vulnerability.

  • This vulnerability, tracked as CVE-2024-38193, has a CVSS score of 7.8 and is classified as a privilege escalation bug in the Windows Ancillary Function Driver (AFD.sys) for WinSock.

  • Researchers Luigino Camastra and Milanek discovered the flaw, which enables unauthorized access to sensitive system areas.

  • The vulnerability allows attackers to bypass security restrictions and gain SYSTEM privileges, giving them access to critical parts of the system that are normally off-limits even to administrators.

  • The exploit targeted individuals in sensitive fields such as cryptocurrency and aerospace, demonstrating the advanced attack strategies employed by the Lazarus Group.

  • Attacks linked to this vulnerability involved the use of a rootkit known as FudModule to evade detection.

  • FudModule is delivered via a remote access trojan known as Kaolin RAT, used by Lazarus to maintain stealth in their operations.

  • Microsoft addressed this vulnerability in its August 2024 Patch Tuesday security updates, which were crucial as the flaw was actively exploited in cyber attacks.

  • With their admin-to-kernel zero-day now exposed and patched, Lazarus's ability to bypass security on up-to-date systems has been significantly diminished.

  • Some researchers believe that the funds stolen by the Lazarus Group are being used to support North Korea's state operations and weapons programs.

  • The Lazarus Group is notorious for cyberattacks, including a high-profile incident that resulted in the theft of approximately $600 million from a cryptocurrency project.

Summary based on 4 sources
