Microsoft Zero-Day Used by Lazarus in Rootkit Attack

Published: 23/11/2024   Category: security




North Korean state actors Lazarus Group used a Windows AppLocker zero-day, along with a new and improved rootkit, in a recent cyberattack, researchers report.



Microsoft has patched a zero-day vulnerability in its AppLocker application whitelisting software, but not before the North Korean state-backed Lazarus Group was able to leverage the flaw to pull off a rootkit cyberattack.
Researchers from Avast discovered the Microsoft zero-day flaw, tracked as CVE-2024-21338, and explained that it allowed Lazarus to use an updated version of its proprietary rootkit malware, called FudModule, to cross the admin-to-kernel boundary, according to a new report.
The zero-day was fixed on Feb. 13 as part of Microsoft's February Patch Tuesday update, and Avast released details of the exploit on Feb. 29.
Notably, the Avast analysts reported that FudModule has been turbocharged with new functionality, including a feature that suspends protected process light (PPL) processes belonging to the Microsoft Defender, CrowdStrike Falcon, and HitmanPro platforms.
Further, Lazarus Group ditched its previous bring your own vulnerable driver (BYOVD) tactic in favor of the more straightforward zero-day exploit approach to jump from admin to kernel, the team explained.
Avast also discovered a new Lazarus remote access Trojan (RAT), about which the vendor pledges to release more details later.
"Though their [Lazarus Group's] signature tactics and techniques are well-recognized by now, they still occasionally manage to surprise us with an unexpected technical sophistication," the Avast report said. "The FudModule rootkit serves as the latest example, representing one of the most complex tools Lazarus holds in their arsenal."
