The latest hacking campaign of the notorious North Korean hacking group “Lazarus” is centered on Dell consumers. According to analytical reports, the threat actors have launched a new hacking tool dubbed “Bring Your Own Vulnerable Driver”. In recently observed attacks, the criminals were installing a specially designed Windows rootkit that abuses a vulnerable Dell device driver.
So far, the state-sponsored hacking gang has used it for many of its malicious objectives. Recently, a few well-known journalists based in the Netherlands fell victim to the hackers’ phishing campaign. The confirmed targeted data theft and espionage operation started in the latter part of 2021, according to cyber security firm ESET.
According to researchers at the firm, the unusual weapon used in the most recent hacking operation is a rootkit for Windows. It is dubbed ‘Bring Your Own Vulnerable Driver (BYOVD)’.
The strategy has been executed successfully on numerous occasions. It is now labeled one of a hacker’s most prolific tools, as its capabilities in real-world attacks are highly damaging. Combined with the new cutting-edge software dubbed FUDModule, it has become a nightmare for Dell computer users worldwide.
Targeted Amazon Job Scam
A recent scamming campaign associated with the Lazarus hackers involves an Amazon job offer. First, phishing emails posing as job offers from Amazon were sent to European targets. The fake job offer has no affiliation with the US company. In this attack, the lure documents tricked individuals into downloading a remote template from a hardcoded URL.
Next, once unsuspecting victims opened these files, the hackers’ malware loaders, droppers, backdoors, and other malicious payloads were immediately launched on the victims’ computers.
To infiltrate Dell devices, the hackers’ rootkit is programmed to take advantage of a total of five flaws in the Dell DBUtil driver, allowing the threat actors to inject their harmful code into software running on the affected computer.
The hacking tool kit abuses CVE-2021-21551, a vulnerability in a legitimate Dell driver. Exploiting it enables a user-mode module written by the hackers to read and write kernel memory.
Windows Vulnerabilities Scam
Notably, FUDModule is currently the loophole used in numerous hacking campaigns by Lazarus and other nefarious hacking groups.
Based on ongoing research, the cyber analysts warned that the hackers simply used the kernel memory write access to disable the monitoring mechanisms of the affected Dell devices, effectively rendering security solutions incapable of detecting the hackers’ malware.
The Windows operating system offers seven monitoring mechanisms that track device activity, covering the registry, the file system, process creation, and event tracing.
Now, with “Bring Your Own Vulnerable Driver” (BYOVD), Windows blindly lets criminal hackers in through legitimately signed drivers riddled with unpatched zero-day flaws.
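The two points above, that the rootkit needs a vulnerable Dell driver loaded to gain kernel write access and that it then switches off the Windows monitoring mechanisms, suggest the defender's checks: is the driver present or loaded on the host, and are the platform protections that refuse to load it switched on. The following PowerShell triage script is an added example, not code from the article or from ESET. It assumes the vulnerable driver file name for CVE-2021-21551 is dbutil_2_3.sys (taken from Dell's advisory; the article names only "Dell DBUtil" and the CVE), and it assumes the registry value VulnerableDriverBlocklistEnable under HKLM\SYSTEM\CurrentControlSet\Control\CI\Config and the Win32_DeviceGuard WMI class as documented by Microsoft for recent Windows builds.

```powershell
# Added example (not from the article or ESET): defender-side triage for a BYOVD
# attempt that relies on the Dell DBUtil driver (CVE-2021-21551).
# Assumption: the affected file is dbutil_2_3.sys, as named in Dell's advisory.
$VulnerableDriverNames = @('dbutil_2_3.sys')

function Get-RegisteredVulnerableDrivers {
    # Kernel drivers registered as services; match the image file name against the list.
    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object {
            $_.PathName -and
            ($VulnerableDriverNames -contains (Split-Path $_.PathName -Leaf).ToLower())
        } |
        Select-Object Name, State, StartMode, PathName
}

function Find-VulnerableDriverOnDisk {
    # A BYOVD loader must carry its own copy of the driver; Dell's own updater also
    # dropped dbutil_2_3.sys into temp directories, so a hit is a lead, not a verdict.
    $roots = @("$env:SystemRoot\Temp")
    $roots += Get-ChildItem 'C:\Users' -Directory -ErrorAction SilentlyContinue |
        ForEach-Object { Join-Path $_.FullName 'AppData\Local\Temp' }
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        Get-ChildItem -Path $root -Recurse -File -Include $VulnerableDriverNames -ErrorAction SilentlyContinue |
            ForEach-Object {
                $sig = Get-AuthenticodeSignature -FilePath $_.FullName
                [pscustomobject]@{
                    Path      = $_.FullName
                    SHA256    = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
                    Signer    = $sig.SignerCertificate.Subject   # a valid Dell signature is expected
                    SigStatus = $sig.Status
                    Modified  = $_.LastWriteTime
                }
            }
    }
}

function Test-KernelDriverProtections {
    # Assumption: registry toggle and WMI class as documented by Microsoft.
    # VulnerableDriverBlocklistEnable = 1 means the Microsoft vulnerable driver
    # blocklist is enforced; SecurityServicesRunning containing 2 means HVCI is on.
    $ci = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config' -ErrorAction SilentlyContinue
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    [pscustomobject]@{
        VulnerableDriverBlocklist = ($ci.VulnerableDriverBlocklistEnable -eq 1)
        HvciRunning               = ($dg.SecurityServicesRunning -contains 2)
    }
}

Write-Host '== Registered kernel drivers matching known-vulnerable Dell DBUtil names =='
Get-RegisteredVulnerableDrivers | Format-Table -AutoSize
Write-Host '== Copies of the vulnerable driver on disk (temp locations) =='
Find-VulnerableDriverOnDisk | Format-Table -AutoSize
Write-Host '== Platform protections that refuse to load blocklisted drivers =='
Test-KernelDriverProtections | Format-List
```

Run it from an elevated prompt. A registered or loaded DBUtil driver on a host where no Dell update was expected, or a fresh copy of the file in a user's temp directory, is the artifact to escalate; the signature check will normally pass, since the whole point of BYOVD is that the driver is legitimately signed. The last section matters most for prevention: with the Microsoft vulnerable driver blocklist enforced and HVCI running, the kernel refuses to load this driver before the user-mode module ever gets its kernel read/write primitive.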