A recent report highlighted the use of the FudModule rootkit by Citrine Sleet, a North Korean threat actor, in collaboration with Diamond Sleet (formerly known as Zinc). These threat actors are notorious for targeting industries such as media, defense, and information technology on a global scale.
According to the report, victims were lured to a malicious exploit domain controlled by Citrine Sleet, voyagorclub[.]space. While the specific method of directing victims to this domain remains unknown, it is suspected that social engineering tactics were utilized, as they are commonly employed by Citrine Sleet. Once a victim accessed the domain, a zero-day Remote Code Execution (RCE) exploit for CVE-2024-7971 was deployed.
Following successful execution of the RCE exploit in the sandboxed Chromium renderer process, shellcode containing a Windows sandbox escape exploit and the FudModule rootkit was downloaded and loaded into the system's memory, as outlined in Microsoft's report. This attack highlights the evolving tactics threat actors use to infiltrate and compromise targeted systems.
The FudModule rootkit has a history of use by both Citrine Sleet and Diamond Sleet, underscoring the collaboration between these North Korean threat actors in carrying out cyberattacks. By combining RCE exploits with social engineering, these threat actors have demonstrated their ability to bypass security measures and implant malicious tools such as the FudModule rootkit on compromised systems.
The use of zero-day exploits and sophisticated malware like the FudModule rootkit poses a significant threat to organizations across various industries. As cyber threats continue to evolve, it is imperative for security professionals to remain vigilant and adopt robust defensive measures to protect against such advanced attacks.
In light of this report, organizations are advised to enhance their security posture by implementing multi-layered security controls, conducting regular security assessments, and educating employees on the importance of practicing good cyber hygiene. By staying informed about emerging cyber threats and investing in proactive security measures, businesses can mitigate the risk of falling victim to sophisticated attacks like those orchestrated by Citrine Sleet and Diamond Sleet.
