Lazarus Hacker Group Exploited Microsoft Windows Zero-day

The notorious Lazarus hacker group has been identified as exploiting a zero-day vulnerability in Microsoft Windows, specifically targeting the Windows Ancillary Function Driver for WinSock (AFD.sys).

This vulnerability, cataloged as CVE-2024-38193, was discovered by researchers Luigino Camastra and Milanek in early June 2024.

The flaw allowed the group to gain unauthorized access to sensitive system areas, posing a significant threat to users worldwide.

CVE-2024-38193: A Critical Security Vulnerability

The CVE-2024-38193 vulnerability is classified as an “Elevation of Privilege” flaw. It allowed attackers to bypass normal security restrictions and access sensitive system areas that are typically off-limits to most users and administrators.

An exploit of this type is sophisticated and resource-intensive to develop; it is estimated to be worth several hundred thousand dollars on the black market.

The vulnerability was exploited using a specialized malware known as “Fudmodule,” which effectively concealed the hackers’ activities from security software.


The Lazarus group targeted individuals in sensitive fields, such as cryptocurrency engineering and aerospace, aiming to infiltrate their employers’ networks and steal cryptocurrencies to fund their operations.

Microsoft Responds with a Critical Patch

In response to this alarming threat, Microsoft has swiftly issued a patch to address the critical vulnerability.

The company’s proactive efforts were bolstered by the Gen cybersecurity team, which alerted Microsoft to the issue and provided detailed example code that helped pinpoint and resolve the flaw effectively.

Once installed, the patch closes the flaw on vulnerable Windows devices, so all Windows users must update their systems promptly and remain vigilant against potential threats for continued protection.

Gen’s commitment to digital freedom extends beyond protecting its customers; it involves safeguarding the entire digital ecosystem.

Through rigorous research and deep visibility into emerging threats, their cybersecurity team was able to uncover this critical vulnerability and bring it to light before it could cause widespread harm.

By sharing this information with Microsoft, Gen has protected millions of Windows users worldwide and reaffirmed its dedication to creating a safer digital future for all.

This effort is a testament to Gen’s mission of empowering and protecting people everywhere, ensuring everyone can navigate the digital world confidently and securely.

The vulnerability is associated with the weakness CWE-416: Use After Free and carries a CVSS base score of 7.8 (temporal score 7.2), indicating high severity.

Microsoft, the assigning CNA, has classified the maximum severity of this vulnerability as “Important.”

As the digital landscape continues to evolve, this incident underscores the importance of collaboration between cybersecurity experts and technology companies to protect users from sophisticated cyber threats.


Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.
