North Korean hackers installed rootkits on thousands of PCs via Windows zero-day vulnerability

Cybersecurity researchers have discovered that the hacker group Lazarus, believed to be linked to the North Korean government, used a zero-day vulnerability in Windows to install a sophisticated FudModule rootkit. The vulnerability allows you to gain maximum rights in the system.

Image source: anonymous_Pete-Linforth/Pixabay

As reported by Ars Technica with reference to representatives of the Gen company, the vulnerability, which received the identifier CVE-2024-38193, belongs to the “use after free” class and is located in the AFD.sys driver, which is used to work with the Winsock protocol and serves as an entry point into operating system kernel. Microsoft has warned that this vulnerability could be used by attackers to gain system privileges that allow them to execute unverified code.

«The vulnerability allowed attackers to bypass standard security mechanisms and gain access to sensitive areas of the system that are inaccessible to most users and even administrators, says the Gen report. “This type of attack is complex and resource-intensive, and its cost on the black market can reach several hundred thousand dollars.” Recall that the FudModule rootkit was first discovered in 2022. It is able to hide its malicious presence in the system, bypassing antiviruses and other security measures.

Previously, Lazarus hackers used the “Bring your own vulnerable driver” technique to install earlier versions of FudModule. However, this time they took advantage of a bug in the appid.sys system driver, which was present by default in all versions of Windows until today.

Gen has not disclosed details regarding how long hackers have been exploiting the CVE-2024-38193 vulnerability, how many organizations have been affected by the attacks, or whether antivirus programs were able to detect the latest version of FudModule.

admin

Share
Published by
admin

Recent Posts

Apple to Change OS Numbering: iOS 26 to Come This Year Instead of iOS 19

Apple is preparing a large-scale rebranding of its line of operating systems. This was reported…

13 hours ago

The Witcher 3: Wild Hunt has matched Skyrim in sales, and every third Cyberpunk 2077 owner has bought the Phantom Liberty add-on

The cult open-world action role-playing game The Witcher 3: Wild Hunt, which recently celebrated its…

13 hours ago

Analysts predict absurd surge in PC sales due to Trump’s indiscriminate tariffs

IDC analysts unexpectedly concluded that the current unstable tariff policy of the US administration will…

13 hours ago

Adata XPG Mars 980 Blade PCIe 5.0 SSD Review: Affordable SM2508 Flagship

The first consumer SSDs with PCIe 5.0 interface appeared on the market about two years…

13 hours ago

Electronic Arts to Focus on Key Franchises — Black Panther Action Game Cancelled, Cliffhanger Games Studio Closed

The IGN portal, citing internal correspondence from Electronic Arts, reported that the American publisher has…

13 hours ago

Study: Apple C1 mobile modem falls short of Qualcomm modems in terms of connection quality in difficult conditions

A study by Cellular Insights Inc. found that Qualcomm's mobile modems perform better than Apple's…

2 days ago