"Lazarus Hackers Exploited Windows Zero-Day to Gain Kernel Privileges"

Lazarus Group, the North Korean state-sponsored cyber threat group, exploited a flaw in the Windows AppLocker driver to gain kernel-level access and disable security tools, bypassing Bring Your Own Vulnerable Driver (BYOVD) techniques. The activity was detected by Avast analysts, who reported it to Microsoft, resulting in a fix for the flaw, now tracked as CVE-2024-21338. According to Avast, Lazarus Group exploited the vulnerability to create a read/write kernel primitive in an updated version of its FudModule rootkit, which previously abused a Dell driver for BYOVD attacks. The updated FudModule rootkit has stealth and functionality improvements. It has new methods for evading detection and disabling security protections such as Microsoft Defender. This article continues to discuss Lazarus Group's exploitation of a zero-day vulnerability in the Windows AppLocker driver.

Bleeping Computer reports "Lazarus Hackers Exploited Windows Zero-Day to Gain Kernel Privileges"

Submitted by grigby1