Legacy Driver Exploitation Through Bypassing Certificate Verification
1. Overview
In June 2024, the security company CheckPoint-Research (CPR) published a post on a security threat that used the Legacy Driver Exploitation technique. This attack mostly focused on remotely controlling infected systems using the Gh0stRAT malware and causing additional damage. The threat actor distributed malware using a phishing site
Analysis Report on Lazarus Group’s Rootkit Attack Using BYOVD
Since 2009, Lazarus Group, known to be a group of hackers in North Korea, has been attacking not only Korea but also various countries in America, Asia, and Europe. According to AhnLab’s ASD (AhnLab Smart Defense) infrastructure, in early 2022, the Lazarus Group performed APT (Advanced Persistent Threat) attacks on Korea’s

