The report added that the FudModule rootkit has historically been shared between Citrine Sleet and Diamond Sleet (previously Zinc), another North Korean threat actor known to target the media, defense, and information technology (IT) industries globally.
RCE to deliver FudModule
The report explained that victims were directed to a Citrine Sleet-controlled exploit domain, voyagorclub[.]space. While the exact method used to steer victims there is unknown, social engineering is suspected, as it is a common Citrine Sleet technique. Once a target connected to the domain, the zero-day RCE exploit for CVE-2024-7971 was executed.
“After the RCE exploit achieved code execution in the sandboxed Chromium renderer process, shellcode containing a Windows sandbox escape exploit and the FudModule rootkit was downloaded, and then loaded into memory,” Microsoft added in the report.
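For defenders, the actionable detail in this section is the exploit domain. The following is an added example, not code from the report or from Microsoft: it refangs the defanged indicator and scans web-proxy log lines for connections to that domain or any of its subdomains. The log format (timestamp, client IP, method, URL, status) and the log lines themselves are constructed assumptions for illustration.

```python
"""Scan web-proxy log lines for connections to a defanged IoC domain.

Added example for defenders; the log lines and their format below are
constructed assumptions, not data from the Microsoft report.
"""
from urllib.parse import urlparse

# Indicator quoted in the report, kept in defanged form as analysts share it
IOCS = ["voyagorclub[.]space"]

# Constructed sample proxy log lines: timestamp, client IP, method, URL, status
SAMPLE_LOGS = [
    "2024-08-19T10:01:22Z 10.0.0.5 GET https://www.example.com/ 200",
    "2024-08-19T10:02:03Z 10.0.0.7 GET https://voyagorclub.space/ 200",
    "2024-08-19T10:02:04Z 10.0.0.7 GET https://cdn.voyagorclub.space/loader.js 200",
    "2024-08-19T10:03:10Z 10.0.0.9 GET https://notvoyagorclub.space/ 200",
]


def refang(ioc: str) -> str:
    """Turn a defanged indicator such as 'example[.]com' back into 'example.com'."""
    return ioc.replace("[.]", ".").replace("hxxp", "http").lower()


def host_matches(host: str, domain: str) -> bool:
    """True for an exact match or a subdomain; a plain substring test would
    wrongly flag look-alikes such as 'notexample.com'."""
    return host == domain or host.endswith("." + domain)


def find_ioc_hits(log_lines, defanged_iocs):
    """Return (line_number, client_ip, host, ioc) for every log line whose
    URL host matches one of the indicators."""
    domains = [refang(i) for i in defanged_iocs]
    hits = []
    for lineno, line in enumerate(log_lines, start=1):
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed line; skip rather than crash the scan
        client_ip, url = fields[1], fields[3]
        host = (urlparse(url).hostname or "").lower()
        for domain in domains:
            if host_matches(host, domain):
                hits.append((lineno, client_ip, host, domain))
                break
    return hits


if __name__ == "__main__":
    for hit in find_ioc_hits(SAMPLE_LOGS, IOCS):
        print("IoC hit: line %d client %s host %s matched %s" % hit)
```

Matching on the parsed hostname rather than on the raw line keeps the check precise: the look-alike `notvoyagorclub.space` line is ignored, while the subdomain line is caught because the host ends with `.voyagorclub.space`.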