North Korean Hackers Exploit Windows Zero-Day to Install Advanced Rootkit

A recently patched Windows zero-day vulnerability has been exploited by North Korean hackers to install a sophisticated rootkit, giving them deep access to compromised systems.

Published: Wednesday, 20 November 2024 06:18 (EST)
By Jason Patel

A Windows zero-day vulnerability, tracked as CVE-2024-38193, was recently patched by Microsoft. However, before the patch was released, hackers working on behalf of the North Korean government had already exploited the flaw to install custom malware. This malware is not just any run-of-the-mill virus; it's an advanced rootkit that operates with stealth and precision, making it exceptionally difficult to detect and remove.

Lazarus Group Strikes Again

The notorious Lazarus Group, a hacking outfit backed by the North Korean government, is behind this latest attack. The vulnerability they exploited is located in AFD.sys, the binary file for the ancillary function driver, which is the kernel entry point for the Winsock API. This vulnerability is classified as a "use after free" flaw, a type of bug that can be exploited to gain system privileges—the highest level of access on a Windows machine.

With these elevated privileges, the attackers were able to execute untrusted code, effectively taking control of the affected systems. The rootkit they installed is designed to operate at the kernel level, giving it the ability to hide its presence and manipulate system operations without detection.

Microsoft had warned that this zero-day was being actively exploited in the wild, but at the time, they did not disclose who was behind the attacks or what their objectives were. Now, thanks to research from security firm Gen, we know that Lazarus was the culprit, and their goal was to gain deep, persistent access to compromised systems.

This incident underscores the importance of keeping systems up to date with the latest security patches. Zero-day vulnerabilities are particularly dangerous because they are exploited before a patch is available, leaving systems vulnerable to attack. Organizations and individuals alike should ensure that they are running the latest versions of their software and remain vigilant against potential threats.
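One way to verify the patch guidance above across a Windows fleet is to compare the installed AFD.sys driver version against the build Microsoft shipped the fix in. This is an added PowerShell check, not code from the article or from Gen; the fixed driver version is not given on the page, so `$FixedVersion` is a placeholder to be filled in from Microsoft's advisory for CVE-2024-38193.

```powershell
# Added example (not from the article): report whether the AFD.sys driver on
# this host is at or above a known-fixed build for CVE-2024-38193.
# PLACEHOLDER: the fixed version is not stated in the article; take it from
# Microsoft's advisory before relying on the Patched field.
$FixedVersion = [version]'0.0.0.0'

$driverPath = Join-Path $env:SystemRoot 'System32\drivers\afd.sys'
if (-not (Test-Path $driverPath)) {
    Write-Warning "afd.sys not found at $driverPath"
    return
}

# FileVersionRaw is a [version] built from the PE fixed version fields, which
# compares reliably; the FileVersion string can carry trailing text.
$current = (Get-Item $driverPath).VersionInfo.FileVersionRaw

[pscustomobject]@{
    Host           = $env:COMPUTERNAME
    DriverPath     = $driverPath
    CurrentVersion = $current.ToString()
    FixedVersion   = $FixedVersion.ToString()
    Patched        = ($current -ge $FixedVersion)
}
```

Run it through your remote-execution tooling (for example Invoke-Command against a host list) and collect the objects; any host with Patched set to False still carries the vulnerable driver.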
