[HN Gopher] Lazarus and the FudModule rootkit: Beyond BYOVD with...
___________________________________________________________________
Lazarus and the FudModule rootkit: Beyond BYOVD with an admin-to-
kernel zero-day
Author : LinuxBender
Score : 45 points
Date : 2024-03-01 19:54 UTC (3 hours ago)
(HTM) web link (decoded.avast.io)
(TXT) w3m dump (decoded.avast.io)
| ruthie_cohen wrote:
| One has to assume that NK is using its most promising students
| for two things:
|
| - Cyber warfare and theft
|
| - Furthering its nuclear and missile programs
| littlestymaar wrote:
| Instead of using them for finance and making people click on
| ads...
| rvnx wrote:
| Not that much anymore, more likely working on warfare killing
| robots now, and ICBMs like SpaceX.
|
| So something in common.
| rvnx wrote:
| These guys are quite talented.
| dang wrote:
| Url changed from https://www.scmagazine.com/news/lazarus-group-
| observed-explo..., which points to this.
| dgellow wrote:
| That's a really good write up, with lots of details and pointers
| to other interesting sources to dig into.
| hnthrowaway0328 wrote:
| Man, although I know nothing about this kind of stuff, I still
| very much enjoy reading it. Great writeup!
|
| This is the kind of work that I look forward to doing.
| shrubble wrote:
| Note: Lazarus Group, not anything to do with FreePascal and the
| Lazarus IDE.
| xyst wrote:
| Anybody who thought it would be a good idea to secure important
| infrastructure with Windows needs to be fired immediately. Smh
| lostmsu wrote:
| Not a vulnerability, as admin generally has the same privileges
| as kernel. At best this is a mitigation bypass.
|
| From the article:
|
| > Microsoft's security servicing criteria have long asserted that
| "[a]dministrator-to-kernel is not a security boundary"
___________________________________________________________________
(page generated 2024-03-01 23:00 UTC)