
A North Korean-linked APT group exploited a zero-day vulnerability in the Windows AppLocker driver (appid.sys) to gain kernel-level access to a target system

An APT group linked to North Korea has been exploiting a zero-day vulnerability in the AppLocker driver appid.sys through an admin-to-kernel exploit. The vulnerability, tracked as CVE-2024-21338, was patched by Microsoft in its February 2024 security update.

CVE-2024-21338 resides in the IOCTL (Input and Output Control) dispatcher of appid.sys, the kernel driver through which AppLocker enforces which applications and files users are allowed to run. Lazarus exploited the zero-day by sending the driver crafted IOCTL requests that the dispatcher did not adequately validate, which gave them arbitrary code execution in the kernel and, with it, the ability to bypass security mechanisms on the target system. Because this is an admin-to-kernel exploit, the attacker must already hold administrator rights on the host; the value of the bug is that it turns those rights into kernel code execution through a Microsoft-signed driver that ships with Windows, so driver blocklists aimed at bring-your-own-vulnerable-driver attacks do not stop it.
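The following is an added illustrative example, not code from the article and not the appid.sys source: a simplified model of a driver IOCTL dispatcher, written in plain user-mode C so it compiles anywhere, showing the bug class described above (a dispatcher that honours a function pointer arriving in an IOCTL request without asking whether the requestor is kernel mode) next to a hardened version. The IOCTL code, structure layout, status values and the `previous_mode` parameter that stands in for the kernel's `ExGetPreviousMode()` are all assumptions for the example and do not describe the exact logic of CVE-2024-21338.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Illustrative model of a Windows driver's IOCTL dispatcher in user-mode C.
 * NOT the appid.sys source and not the exact CVE-2024-21338 logic: it shows
 * the bug class, a dispatcher that trusts what arrives in an IOCTL request
 * and ends up running caller-chosen code with kernel privileges.
 * All names, codes and layouts below are hypothetical. */

typedef long NTSTATUS_SIM;
#define STATUS_SUCCESS            0L
#define STATUS_INVALID_PARAMETER  (-1073741811L)   /* 0xC000000D */
#define STATUS_ACCESS_DENIED      (-1073741790L)   /* 0xC0000022 */

/* Stand-in for KPROCESSOR_MODE as reported by ExGetPreviousMode(). */
typedef enum { KernelMode = 0, UserMode = 1 } PROCESSOR_MODE_SIM;

/* Hypothetical IOCTL and its input buffer: a kernel component may
 * legitimately hand the driver a callback to invoke; a user-mode caller
 * (even an administrator) must never be able to reach that path. */
#define IOCTL_EXAMPLE_RUN_CALLBACK 0x220004u

typedef struct {
    uint64_t (*callback)(uint64_t arg);
    uint64_t arg;
} EXAMPLE_REQUEST;

typedef NTSTATUS_SIM (*DISPATCH_FN)(uint32_t ioctl, const EXAMPLE_REQUEST *req,
                                    size_t len, PROCESSOR_MODE_SIM previous_mode,
                                    uint64_t *out);

/* Vulnerable dispatcher: checks sizes but never checks who sent the request,
 * so anyone able to open the device gets their own pointer called in
 * kernel context. */
NTSTATUS_SIM vulnerable_dispatch(uint32_t ioctl, const EXAMPLE_REQUEST *req,
                                 size_t len, PROCESSOR_MODE_SIM previous_mode,
                                 uint64_t *out)
{
    (void)previous_mode;                       /* the missing check */
    if (ioctl != IOCTL_EXAMPLE_RUN_CALLBACK || req == NULL ||
        len < sizeof(*req) || req->callback == NULL)
        return STATUS_INVALID_PARAMETER;
    *out = req->callback(req->arg);            /* arbitrary kernel code execution */
    return STATUS_SUCCESS;
}

/* Hardened dispatcher: the path that consumes a raw kernel function pointer
 * is only honoured for kernel-mode requestors; user-mode requests are
 * refused before the pointer is ever touched. */
NTSTATUS_SIM hardened_dispatch(uint32_t ioctl, const EXAMPLE_REQUEST *req,
                               size_t len, PROCESSOR_MODE_SIM previous_mode,
                               uint64_t *out)
{
    if (previous_mode != KernelMode)
        return STATUS_ACCESS_DENIED;           /* administrators are still user mode */
    if (ioctl != IOCTL_EXAMPLE_RUN_CALLBACK || req == NULL ||
        len < sizeof(*req) || req->callback == NULL)
        return STATUS_INVALID_PARAMETER;
    *out = req->callback(req->arg);
    return STATUS_SUCCESS;
}

/* Stand-in for attacker-controlled code; a real payload would patch kernel
 * structures or remove security callbacks here. */
static int g_payload_ran;
static uint64_t attacker_payload(uint64_t arg) { g_payload_ran = 1; return arg * 2; }

/* Returns 1 if a user-mode caller got its payload executed via `dispatch`. */
int user_mode_caller_runs_payload(DISPATCH_FN dispatch)
{
    EXAMPLE_REQUEST req = { attacker_payload, 21 };
    uint64_t out = 0;
    NTSTATUS_SIM st;
    g_payload_ran = 0;
    st = dispatch(IOCTL_EXAMPLE_RUN_CALLBACK, &req, sizeof req, UserMode, &out);
    return st == STATUS_SUCCESS && g_payload_ran && out == 42;
}

/* Returns 1 if a legitimate kernel-mode caller still works via `dispatch`. */
int kernel_mode_caller_works(DISPATCH_FN dispatch)
{
    EXAMPLE_REQUEST req = { attacker_payload, 21 };
    uint64_t out = 0;
    NTSTATUS_SIM st;
    g_payload_ran = 0;
    st = dispatch(IOCTL_EXAMPLE_RUN_CALLBACK, &req, sizeof req, KernelMode, &out);
    return st == STATUS_SUCCESS && out == 42;
}

int main(void)
{
    printf("vulnerable: user-mode payload ran = %d\n",
           user_mode_caller_runs_payload(vulnerable_dispatch));
    printf("hardened:   user-mode payload ran = %d\n",
           user_mode_caller_runs_payload(hardened_dispatch));
    printf("hardened:   kernel-mode caller ok  = %d\n",
           kernel_mode_caller_works(hardened_dispatch));
    return 0;
}
```

In a real driver the equivalent of `previous_mode` comes from `ExGetPreviousMode()`, and the device object's security descriptor limits who can open the device at all; an IOCTL that must accept user-mode buffers validates them with `ProbeForRead`/`ProbeForWrite` inside a `__try` block instead of dereferencing or calling through them directly. Rejecting user-mode requestors up front, as the hardened dispatcher does, is the check whose absence turns an administrator's handle into kernel code execution.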

Japanese organizations should follow the guidance published by the Microsoft Security Response Center, install the February 2024 security update that fixes CVE-2024-21338, and keep drivers and older applications and software patched.
