Security researchers at Gen Threat Labs are linking one of the exploited zero-days patched by Microsoft last week to North Korea’s Lazarus APT group.
The vulnerability, tracked as CVE-2024-38193 and marked as ‘actively exploited’ by Microsoft, allows an attacker to gain SYSTEM privileges on the latest Windows operating systems.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38193
This is one of six zero-days marked as exploited by Microsoft in the August Patch Tuesday bundle.
https://www.securityweek.com/microsoft-warns-of-six-windows-zero-days-being-actively-exploited/
Security experts also believe a second flaw (CVE-2024-38178) is being used by North Korean APT groups to target victims in South Korea.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38178