Lazarus Hacker Group Exploited Microsoft Windows Zero-day

The notorious Lazarus hacker group has been identified as exploiting a zero-day vulnerability in Microsoft Windows, specifically targeting the Windows Ancillary Function Driver for WinSock (AFD.sys).

This vulnerability, cataloged as CVE-2024-38193, was discovered by researchers Luigino Camastra and Milanek in early June 2024.

The flaw allowed the group to gain unauthorized access to sensitive system areas, posing a significant threat to users worldwide.

CVE-2024-38193: A Critical Security Vulnerability

The CVE-2024-38193 vulnerability is classified as an “Elevation of Privilege” flaw. It allowed attackers to bypass normal security restrictions and access sensitive system areas that are typically off-limits to most users and administrators.

This type of attack is sophisticated and resourceful. It is estimated to be worth several hundred thousand dollars on the black market.

The vulnerability was exploited using a specialized malware known as “Fudmodule,” which effectively concealed the hackers’ activities from security software.

Free Webinar on Detecting & Blocking Supply Chain Attack -> Book your Spot

The Lazarus group targeted individuals in sensitive fields, such as cryptocurrency engineering and aerospace, aiming to infiltrate their employers’ networks and steal cryptocurrencies to fund their operations.

Microsoft Responds with a Critical Patch

In response to this alarming threat, Microsoft has swiftly issued a patch to address the critical vulnerability.

The company’s proactive efforts were bolstered by the Gen cybersecurity team, which alerted Microsoft to the issue and provided detailed example code that helped pinpoint and resolve the flaw effectively.

This rapid action has safeguarded all vulnerable Windows devices from potential attacks. All Windows users must update their systems promptly and remain vigilant against potential threats for continued protection.

Gen’s commitment to digital freedom extends beyond protecting its customers; it involves safeguarding the entire digital ecosystem.

Through rigorous research and deep visibility into emerging threats, their cybersecurity team was able to uncover this critical vulnerability and bring it to light before it could cause widespread harm.

By sharing this information with Microsoft, Gen has protected millions of Windows users worldwide and reaffirmed its dedication to creating a safer digital future for all.

This effort is a testament to Gen’s mission of empowering and protecting people everywhere, ensuring everyone can navigate the digital world confidently and securely.

The vulnerability is associated with the weakness CWE-416: Use After Free, with a CVSS score of 7.8/7.2, indicating its high severity.

Microsoft, the assigning CNA, has classified the maximum severity of this vulnerability as “Important.”

As the digital landscape continues to evolve, this incident underscores the importance of collaboration between cybersecurity experts and technology companies to protect users from sophisticated cyber threats.

Are you from SOC and DFIR Teams? Analyse Malware Incidents & get live Access with ANY.RUN -> Get 14 Days Free Access