Tag

Rootkit

All articles tagged with #rootkit

cybersecurity, 1 year ago

"Long-Term Exploitation: Windows Zero-Day Vulnerabilities by Lazarus Hackers"

Hackers backed by the North Korean government exploited a Windows zero-day vulnerability, CVE-2024-21338, for six months after Microsoft was informed of it, which allowed them to install a stealthy rootkit on vulnerable computers. The vulnerability gave malware that already held administrative system rights an easy and stealthy way to interact with the Windows kernel. Microsoft's delay in patching the vulnerability was attributed to its policy that admin-to-kernel vulnerabilities do not represent a security boundary. The North Korean threat group Lazarus used the vulnerability to install a custom rootkit, gaining both stealth and advanced access to the Windows kernel.