The report added that the FudModule rootkit has historically been shared between Citrine Sleet and Diamond Sleet (previously Zinc), another North Korean threat actor known to target the media, defense, and information technology (IT) sectors worldwide.
RCE to deliver FudModule
The report stated that victims were directed to a Citrine Sleet-controlled exploit domain, voyagorclub[.]space. While the exact method used to steer victims there is unknown, social engineering is suspected, as it is a common Citrine Sleet technique. Once a target connects to the domain, the zero-day RCE exploit for CVE-2024-7971 is executed.
“After the RCE exploit achieved code execution in the sandboxed Chromium renderer process, shellcode containing a Windows sandbox escape exploit and the FudModule rootkit was downloaded, and then loaded into memory,” Microsoft added in the report.