
Patched Windows zero-day used in Lazarus attack


BleepingComputer reports that the North Korean hacking collective Lazarus Group has exploited a zero-day vulnerability in the Windows Ancillary Function Driver for WinSock, tracked as CVE-2024-38193, to stealthily compromise systems with the FUDModule rootkit, which was used to disable Windows monitoring capabilities.

The Bring Your Own Vulnerable Driver issue, which was resolved as part of this month's Patch Tuesday, "allowed them to gain unauthorized access to sensitive system areas. We also discovered that they used a special type of malware called Fudmodule to hide their activities from security software," said Gen Digital researchers, who discovered the flaw. No further information was provided regarding the targeted organization, but financial and cryptocurrency entities have commonly been targeted by Lazarus, whose attacks seek to fund North Korea's weapons and cyber programs. Among the most recent victims of the hacking group was Axie Infinity, which lost more than $617 million in a cryptocurrency heist in 2022.
