Hackers aren’t just nerds rapidly typing away in dimly lit rooms, as seen in the movies. More and more threats are coming from what are known as “state-level hackers”: teams of people — either employed directly or contracted by a government — who attack other governments, corporations, and agencies.
Not long ago, security researchers spotted North Korean hackers doing just that with a recently patched Windows vulnerability.
Gen Digital, a consortium of researchers from security software vendors like Norton, Avast, Avira, and AVG, says it spotted North Korean state-level hackers using a Windows zero-day exploit. Gen is accusing the Lazarus group — who are infamous for the high-profile attack on Sony Pictures in 2014 — of targeting “individuals in sensitive fields” like cryptocurrency and aerospace.
The report (spotted by Ars Technica) alleges that Lazarus used the CVE-2024-38193 vulnerability as recently as June, along with the popular FudModule tool to get around detection from security programs. It’s a deep enough vulnerability that it could give an attacker wide-open access to Windows and even allow them to run untrusted code, effectively granting total control and surveillance.
According to Gen Digital, this kind of operation is sophisticated enough that it could go for hundreds of thousands of dollars as a black market service. Exactly who was targeted and what was taken wasn’t shared.
The CVE-2024-38193 security issue was patched by Microsoft last week, so if you’re current on your Windows updates, you’re safe.
Not that this sort of attack is a regular concern for everyone. It’s so targeted and complex that it’s only worth going after users with high-level access to governments and corporate entities. If that happens to be you… well, don’t ignore that Windows update notification.