Lazarus hackers exploit Dell driver bug for BYOVD attacks

Lazarus, a North Korean ransomware gang is exploiting a Dell hardware driver flaw for Bring Your Own Vulnerable Driver attack. A Bring Your Own Vulnerable Driver (BYOVD) attack occurs when an attacker loads legitimate signed drivers into Windows that also contain known vulnerabilities.

In order to carry out their nefarious malware campaign, the targets receive fake job offers via email. Once the document is opened, a remote template is downloaded from a hardcoded address, followed by infections that involve malware loaders, droppers, custom backdoors, and other types of malicious activity.

ESET identified a new FudModule Rootkit that exploits a BYOVD (Bring Your Own Vulnerable Driver) technique to exploit a vulnerability in a Dell hardware driver. Threat actors are now exploiting the driver’s vulnerabilities to launch commands with kernel-level privileges.

“This is the first ever recorded abuse of this vulnerability in the wild. The attackers then used their kernel memory write access to disable seven mechanisms the Windows operating system offers to monitor its actions, like registry, file system, process creation, event tracing etc., basically blinding security solutions in a very generic and robust way,” ESET said.

The gang primarily target users in the EU some of which include an aerospace expert in the Netherlands and a political journalist in Belgium. The aim of the campaign is to conduct cyber espionage and steal data.

The sources for this piece include an article in BleepingComputer.

IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web