CYBERNEWSMEDIA Network:||
CYBERNEWSMEDIA
CYBERNEWSMEDIA

Cybersecurity News, Insights & Analysis

Latest
TrueConf Zero-Day Exploited in Asian Government Attacks
In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware
Critical ShareFile Flaws Lead to Unauthenticated RCE
Mobile Attack Surface Expands as Enterprises Lose Control
React2Shell Exploited in Large-Scale Credential Harvesting Campaign
AD · 970×250

Nation-State·Vulnerabilities

Windows Zero-Day Attack Linked to North Korea’s Lazarus APT

The vulnerability, tracked as CVE-2024-38193 and marked as ‘actively exploited’ by Microsoft, allows SYSTEM privileges on the latest Windows operating systems. The post Windows Zero-Day Attack Linked to North Korea’s Lazarus APT appeared first on SecurityWeek.

North Korea weapons funding

Security researchers at Gen Threat Labs are linking one of the exploited zero-days patched by Microsoft last week to North Korea’s Lazarus APT group.

The vulnerability, tracked as CVE-2024-38193 and marked as ‘actively exploited’ by Microsoft, allows SYSTEM privileges on the latest Windows operating systems.

Gen, which is a rollup of consumer brands Norton, Avast, LifeLock and Avira, posted a sparse note linking the exploitation to Lazarus via the use of the FudModule rootkit.  However, the company did not release any indicators or technical documentation to support the connection.

“In early June, Luigino Camastra and Milanek discovered that the Lazarus group was exploiting a hidden security flaw in a crucial part of Windows called the AFD.sys driver. This flaw allowed them to gain unauthorized access to sensitive system areas. We also discovered that they used a special type of malware called Fudmodule to hide their activities from security software,” the company said without providing additional details. 

Avast previously documented FudModule as part of the Lazarus APT toolkit that included an admin-to-kernel Windows zero-day exploit dating back to February.

This is one of six zero-days marked as exploited by Microsoft in the August Patch Tuesday bundle. Security experts also believe a second flaw (CVE-2024-38178) is being used by North Korean APT groups to target victims in South Korea.

That bug, a memory corruption vulnerability in the Windows Scripting Engine, allows remote code execution attacks if an authenticated client is tricked into clicking a link. Successful exploitation of this vulnerability requires an attacker to first prepare the target so that it uses Edge in Internet Explorer Mode. 

This Scripting Engine zero-day was reported by Ahn Lab and the South Korea’s National Cyber Security Center, suggesting it was used in a nation-state APT compromise.  Microsoft did not release IOCs (indicators of compromise) or any other data to help defenders hunt for signs of infections.  

Related: Zero-Click Exploit Concerns Drive Urgent Patching of Windows TCP/IP Flaw

Related: Microsoft Warns of Six Windows Zero-Days Being Actively Exploited

Related: Microsoft: China Flaw Disclosure Law Part of Zero-Day Exploit Surge

Related: Windows Update Flaws Allow Undetectable Downgrade Attacks

Related: Adobe Calls Attention to Massive Batch of Code Execution Flaws

Latest News

CYBERNEWSMEDIAPublisher