Avast’s security analysts (part of Gen Digital’s Gen Threat Labs) have disclosed that the notorious North Korean hacking group Lazarus exploited a previously unknown zero-day flaw in the Windows AFD.sys driver to escalate from an ordinary user process to kernel-level access on targeted systems.

The flaw, tracked as CVE-2024-38193, is a use-after-free in the Ancillary Function Driver for WinSock (AFD.sys) that yields elevation of privilege. It was reported to Microsoft and fixed in the August 2024 Patch Tuesday updates (released 13 August 2024), not the June release.

The Lazarus Group, whose financially motivated arm Mandiant tracks separately as APT38, had been using the vulnerability to gain kernel privileges it was not authorised to hold, from which it could tamper with the security mechanisms of the operating system itself. That a fix was needed for a bug already under active exploitation underlines the seriousness of the issue.

Believed to be backed by the North Korean government, Lazarus is a highly sophisticated hacking group that has been operating since at least 2009. The group has conducted numerous high-profile cyberattacks, affecting sectors such as finance, government, and various industries.

Researchers Luigino Camastra and Milanek first identified the exploit in early June 2024. The vulnerable component, AFD.sys, is the kernel-mode driver behind the Windows Sockets (WinSock) API: every process that opens a network socket talks to it, which is why a bug in it is reachable from low-privileged code.

The vulnerability let attackers cross the user/kernel boundary that normally keeps untrusted code out of the kernel. Once there, Lazarus deployed its FudModule rootkit, which tampers with kernel data structures to switch off the callbacks and telemetry that endpoint security products depend on, hiding the intrusion from detection tools.

The exploitation is particularly concerning because of the targets: according to Gen, Lazarus aimed the exploit at individuals working in sensitive fields such as cryptocurrency engineering and aerospace, seeking a foothold in their employers’ networks and, ultimately, cryptocurrency to fund its operations.

The attack shows the level of sophistication state-sponsored actors now bring to bear against sensitive sectors: a kernel zero-day combined with a custom rootkit, rather than commodity malware.

Microsoft’s August 2024 fix was made possible by the detailed exploit information Gen Threat Labs provided. Because the bug had already been exploited in the wild before the patch existed, Windows users and administrators should confirm that the August 2024 (or a later) cumulative update is installed rather than assume it is.
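Confirming that a host actually carries the fix is the check a practitioner wants here. The script below is an added example, not code from the article or from Gen, and it deliberately does not hard-code a “fixed” afd.sys version or KB number, because both differ per Windows release: it collects the values to compare against Microsoft’s advisory for CVE-2024-38193 and flags any host whose newest installed update predates 13 August 2024, which cannot contain the fix.

```powershell
# Added example (not from the original article): gather what an administrator
# needs to verify the CVE-2024-38193 fix on a Windows host. Compare the afd.sys
# version printed here against the Microsoft advisory for your OS build.

$afdPath = Join-Path $env:SystemRoot 'System32\drivers\afd.sys'
$afd     = Get-Item $afdPath
$os      = Get-CimInstance Win32_OperatingSystem

[PSCustomObject]@{
    Computer          = $env:COMPUTERNAME
    OSVersion         = $os.Version
    OSBuild           = $os.BuildNumber
    AfdFileVersion    = $afd.VersionInfo.FileVersion
    AfdProductVersion = $afd.VersionInfo.ProductVersion
    AfdLastWriteUtc   = $afd.LastWriteTimeUtc
} | Format-List

# The fix shipped on 2024-08-13 Patch Tuesday. A host whose most recent
# update was installed before that date cannot have received it.
$cutoff   = Get-Date '2024-08-13'
$hotfixes = Get-HotFix |
    Where-Object { $_.InstalledOn } |
    Sort-Object InstalledOn -Descending

"Most recent updates:"
$hotfixes | Select-Object -First 5 HotFixID, Description, InstalledOn | Format-Table -AutoSize

$newest = $hotfixes | Select-Object -First 1
if (-not $newest -or $newest.InstalledOn -lt $cutoff) {
    Write-Warning ("No update installed on or after {0}: the CVE-2024-38193 fix cannot be present." -f $cutoff.ToString('yyyy-MM-dd'))
} else {
    Write-Output ("Newest update {0} installed {1}. Verify it is the August 2024 or later cumulative update for build {2}." -f $newest.HotFixID, $newest.InstalledOn.ToString('yyyy-MM-dd'), $os.BuildNumber)
}
```

Run it in an elevated PowerShell session; Get-HotFix reads the same data as Windows Update history, so a date check is only a negative test (it can prove the fix is absent, never that it is present), which is why the afd.sys version is printed alongside it for comparison with the advisory.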

As cyber threats evolve, it is essential for both individuals and organizations to remain vigilant and proactive in their cybersecurity efforts. Regular updates and awareness of potential vulnerabilities are critical in defending against sophisticated cyber threats, including those posed by the Lazarus Group.