Microsoft Zero-Day Used by Lazarus in Rootkit Attack

Microsoft has patched a zero-day exploit in its AppLocker application whitelisting software, but not before the North Korean state-backed Lazarus Group was able to leverage the flaw to pull off a rootkit cyberattack.

Researchers from Avast discovered the Microsoft zero-day flaw, tracked under CVE-2024-21338, and explained that it allowed Lazarus to use an updated version of its proprietary rootkit malware known as "FudModule" to cross the admin-to-kernel boundary, according to a new report.

The zero-day was fixed on Feb. 13 as part of Microsoft's February Patch Tuesday update, and Avast released details of the exploit on Feb. 29.

Notably, the Avast analysts reported that FudModule has been turbocharged with new functionality, including a feature that suspends protected process light (PPL) processes found in the Microsoft Defender, CrowdStrike Falcon, and HitmanPro platforms.

Further, Lazarus Group ditched its earlier bring your own vulnerable driver (BYOVD) tactic to jump from admin to kernel using the more straightforward zero-day exploit approach, the team explained.

Avast also discovered a new Lazarus remote access Trojan (RAT), about which the vendor pledges to release more details later.

"Although their [Lazarus Group's] signature tactics and techniques are well-recognized by now, they still occasionally manage to surprise us with an unexpected technical sophistication," the Avast report said. "The FudModule rootkit serves as the latest example, representing one of the most complex tools Lazarus holds in their arsenal."
