{"id":59013,"date":"2024-08-19T23:37:08","date_gmt":"2024-08-19T23:37:08","guid":{"rendered":"https:\/\/ushopwell.com\/ublog\/windows-0-day-was-exploited-by-north-korea-to-install-advanced-rootkit\/"},"modified":"2024-08-19T23:37:08","modified_gmt":"2024-08-19T23:37:08","slug":"windows-0-day-was-exploited-by-north-korea-to-install-advanced-rootkit","status":"publish","type":"post","link":"https:\/\/ushopwell.com\/ublog\/windows-0-day-was-exploited-by-north-korea-to-install-advanced-rootkit\/","title":{"rendered":"Windows 0-day was exploited by North Korea to install advanced rootkit"},"content":{"rendered":"<div>\n<div id=\"rss-wrap\">\n<figure class=\"intro-image intro-left\">\n  <img decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2022\/03\/north-korea-hacking-800x534.jpeg\" alt=\"Windows 0-day was exploited by North Korea to install advanced rootkit\" \/><\/p>\n<p class=\"caption\" style=\"font-size:0.8em\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2022\/03\/north-korea-hacking.jpeg\" class=\"enlarge-link\" data-height=\"667\" data-width=\"1000\">Enlarge<\/a> (credit: Getty Images)<\/p>\n<\/figure>\n<div><a name=\"page-1\"><\/a><\/div>\n<p>A Windows zero-day vulnerability recently patched by Microsoft was exploited by hackers working on behalf of the North Korean government so they could install custom malware that\u2019s exceptionally stealthy and advanced, researchers reported Monday.<\/p>\n<p>The vulnerability, tracked as <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2024-38193\">CVE-2024-38193<\/a>, was one of six zero-days\u2014meaning vulnerabilities known or actively exploited before the vendor has a patch\u2014fixed in Microsoft\u2019s monthly update release last Tuesday. 
Microsoft said the vulnerability\u2014in a class known as a &#8220;use after free&#8221;\u2014was located in AFD.sys, the binary file for what\u2019s known as the ancillary function driver and the kernel entry point for the Winsock API. Microsoft warned that the zero-day could be exploited to give attackers system privileges, the maximum system rights available in Windows and a required status for executing untrusted code.<\/p>\n<h2>Lazarus gets access to the Windows kernel<\/h2>\n<p>Microsoft warned at the time that the vulnerability was being actively exploited but provided no details about who was behind the attacks or what their ultimate objective was. On Monday, researchers with Gen\u2014the security firm that discovered the attacks and reported them privately to Microsoft\u2014said the threat actors were part of Lazarus, the name researchers use to track a hacking outfit backed by the North Korean government.<\/p>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>A Windows zero-day vulnerability recently patched by Microsoft was exploited by hackers working on behalf of the North Korean government so they could install custom malware that\u2019s exceptionally stealthy and advanced, researchers reported Monday. The vulnerability, tracked as CVE-2024-38193, was one of six zero-days\u2014meaning vulnerabilities known or actively exploited before the vendor has a patch\u2014fixed in Microsoft\u2019s monthly update release last Tuesday. 
Microsoft said the vulnerability\u2014in&#8230;<\/p>\n","protected":false},"author":1,"featured_media":59014,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[241],"tags":[],"class_list":["post-59013","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology"]}