TLDR:
- Microsoft patched CVE-2024-38193, a Windows privilege-escalation zero-day exploited by the Lazarus Group, a North Korean state-sponsored hacking organization
- The Lazarus Group has a history of high-profile cyberattacks and financial theft, using sophisticated tactics to remain undetected
Article Summary:
Microsoft recently patched an actively exploited zero-day vulnerability in Windows that had been used by the Lazarus Group, a notorious North Korean state-sponsored hacking organization. The flaw, tracked as CVE-2024-38193, is an elevation-of-privilege bug in the Windows Ancillary Function Driver for WinSock (AFD.sys), a kernel-mode driver that backs the Winsock API. A local attacker who can already run code on the machine can abuse it to gain SYSTEM privileges; it is not a remote-code-execution bug, so in practice it is chained after an initial foothold (phishing, a malicious download, or another exploit) to take full control of the host. The fix shipped in Microsoft's August 2024 Patch Tuesday update, which addressed a total of 90 security flaws.
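A quick local check that an administrator can run to confirm the August 2024 cumulative update (and therefore the AFD.sys fix) is present. This is an added example, not code from the original article or from Microsoft; it assumes the update was published on Patch Tuesday, 2024-08-13, and that any cumulative update installed on or after that date supersedes the fix. The exact KB number differs per Windows release, so the script reports the OS build so it can be matched against the KB list in the MSRC entry for CVE-2024-38193 rather than hard-coding one.

```powershell
# Added example (not from the original article): verify the August 2024
# Patch Tuesday update that fixed CVE-2024-38193 (AFD.sys EoP) is installed.
# Assumption: the fix shipped on 2024-08-13 and any later cumulative update
# contains it. Run from an elevated PowerShell prompt.

$patchTuesday = Get-Date '2024-08-13'

# 1. Report the driver that was vulnerable, with its file version and timestamp.
$afd = Get-Item "$env:SystemRoot\System32\drivers\afd.sys"
"afd.sys version {0}, last written {1}" -f $afd.VersionInfo.FileVersion, $afd.LastWriteTime

# 2. Current OS build plus update build revision (UBR), so the result can be
#    matched against the per-release KB numbers in the MSRC advisory.
$os  = Get-CimInstance Win32_OperatingSystem
$ubr = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').UBR
"OS: {0}, build {1}.{2}" -f $os.Caption, $os.BuildNumber, $ubr

# 3. List updates installed on or after Patch Tuesday. Get-HotFix reads the
#    Win32_QuickFixEngineering class, which only lists updates that carry a KB id;
#    InstalledOn can be empty for some entries, and those are skipped here.
$recent = Get-HotFix |
          Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $patchTuesday } |
          Sort-Object InstalledOn -Descending

if ($recent) {
    "Updates installed since $($patchTuesday.ToShortDateString()):"
    $recent | Format-Table HotFixID, Description, InstalledOn -AutoSize
} else {
    Write-Warning ("No update with a KB id installed since {0}; check the build above " +
                   "against the KB list for CVE-2024-38193 before treating this host as patched." -f
                   $patchTuesday.ToShortDateString())
}
```

Treat the hotfix list as a hint rather than proof: a host with a newer build revision than the one listed for its release in the advisory is patched even if Get-HotFix shows nothing for the date window, and the reverse is also true if the update was installed but a reboot is still pending.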
The Lazarus Group has a long history of cybercriminal activity, going back more than a decade. Known for its financial motivation, the group has targeted industries as varied as film studios, banks, and healthcare, employing tactics such as DDoS attacks, destructive wipers, and remote access trojans. One of its most notable attacks was the May 2017 WannaCry ransomware outbreak, which affected hundreds of thousands of computers worldwide.
One key distinguishing trait of the Lazarus Group is its use of anti-forensic techniques to cover its tracks after an attack, which makes it harder for investigators to reconstruct the intrusion and attribute it. The group has also used cryptoworms, ransomware that spreads autonomously from host to host without further operator involvement, as WannaCry did across unpatched networks. A patch closes the specific hole that was exploited, but it does not shrink the attack surface: every update also ships new code, and a well-resourced group like Lazarus keeps hunting for the next weakness in the same components, which is why applying fixes promptly matters more than any single patch.