February 29, 2024 at 07:09AM
The Lazarus Group exploited a zero-day privilege escalation flaw in the Windows Kernel, gaining kernel-level access and disabling security software. Microsoft patched the vulnerability (CVE-2024-21338) as part of Patch Tuesday updates. The group used an in-the-wild admin-to-kernel exploit, allowing them to run the FudModule rootkit, bypass security checks, and disable specific security software. This signifies a new level of technical sophistication for North Korean hacking groups.
Key Takeaways:
– The Lazarus Group exploited a zero-day privilege escalation flaw, CVE-2024-21338, to gain kernel-level access and disable security software on compromised Windows hosts.
– Microsoft released a fix as part of Patch Tuesday updates, and it’s crucial for organizations to apply these patches promptly.
– The FudModule rootkit, used by Lazarus, is capable of disabling various security solutions and shows a high level of technical sophistication.
– The group’s activities emphasize the need for vigilance and prompt application of security patches to mitigate the risk of zero-day exploits.
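As an added example (not part of the original article or of Microsoft's advisory), the PowerShell function below checks whether a Windows host carries the cumulative update that fixes CVE-2024-21338. It maps the running OS build to the expected KB identifier and looks the KB up with Get-HotFix, and it also reads the update build revision (UBR) from the registry as a second, independent signal. The KB identifiers and minimum UBR values are placeholders: the article does not list them, so take the real values for each OS build from Microsoft's advisory for CVE-2024-21338 before using this.

```powershell
# Added example: verify that the February 2024 Patch Tuesday fix for
# CVE-2024-21338 is installed. KB numbers and minimum UBR values below are
# PLACEHOLDERS (assumed, not from the article); fill them in from the
# Microsoft advisory for your OS builds.
$RequiredUpdates = @{
    '22631' = @{ KB = 'KBXXXXXXX'; MinUBR = 0 }   # placeholder: Windows 11 23H2
    '22621' = @{ KB = 'KBXXXXXXX'; MinUBR = 0 }   # placeholder: Windows 11 22H2
    '19045' = @{ KB = 'KBXXXXXXX'; MinUBR = 0 }   # placeholder: Windows 10 22H2
}

function Test-Cve202421338Patch {
    [CmdletBinding()]
    param([hashtable]$Required = $RequiredUpdates)

    # Major build (e.g. 22631) identifies the Windows release; UBR is the
    # monthly revision that the cumulative update advances.
    $build = [string][System.Environment]::OSVersion.Version.Build
    $ntKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $ubr   = (Get-ItemProperty -Path $ntKey -Name UBR -ErrorAction SilentlyContinue).UBR

    $entry = $Required[$build]
    if (-not $entry) {
        return [pscustomobject]@{
            Build = $build; UBR = $ubr; RequiredKB = $null
            KBInstalled = $null; UBRCurrent = $null
            Status = 'Unknown build: compare against the advisory manually'
        }
    }

    # Get-HotFix reads Win32_QuickFixEngineering, which lists installed
    # cumulative updates by KB identifier.
    $hotfix = Get-HotFix -ErrorAction SilentlyContinue |
              Where-Object { $_.HotFixID -eq $entry.KB }
    $kbInstalled = [bool]$hotfix
    $ubrCurrent  = ($null -ne $ubr) -and ($ubr -ge $entry.MinUBR)

    [pscustomobject]@{
        Build       = $build
        UBR         = $ubr
        RequiredKB  = $entry.KB
        KBInstalled = $kbInstalled
        UBRCurrent  = $ubrCurrent
        Status      = if ($kbInstalled -or $ubrCurrent) { 'Patched' }
                      else { 'MISSING: apply the cumulative update' }
    }
}

Test-Cve202421338Patch | Format-List
```

Run it in an elevated session on each host, or wrap it in Invoke-Command for fleet-wide checks. Either signal alone is enough to report the host as patched, since a superseding cumulative update raises the UBR without necessarily listing the older KB; a host that shows neither should be treated as exposed to the admin-to-kernel escalation described above, and because the reported campaign disabled security software after escalating, it is worth pairing this check with a confirmation that the host's endpoint protection service is still running.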