Lazarus hackers return and hijack a Windows security flaw

The infamous Lazarus Group is exploiting a zero-day vulnerability to disable antivirus programs on targeted Windows endpoints, new research shows.

Cybersecurity experts at Avast said they have spotted a new campaign in which the North Korean state-sponsored hackers exploit a flaw in the Windows AppLocker driver. This flaw, tracked as CVE-2024-21338, allowed the attackers to gain kernel-level access to the device. They used that access to disable any antivirus programs installed on the device, opening the door for more disruptive malware.