When the Absence of Noise Becomes Signal: Defensive Considerations for Lazarus FudModule

2023-03-20 IBM

https://securityintelligence.com/posts/defensive-considerations-lazarus-fudmodule/

IBM Security X-Force examined defensive detection opportunities for Lazarus FudModule, a malware component previously analyzed for tampering with Event Tracing for Windows (ETW). According to the source, FudModule installs a Dell driver vulnerable to CVE-2021-21551 to gain kernel-mode privileges in a bring-your-own-vulnerable-driver (BYOVD) attack, which enables Direct Kernel Object Manipulation (DKOM) against ETW registration handles. By nulling ETW provider handles, the malware can reduce the telemetry available to operating system, antivirus, and EDR consumers without necessarily preventing defenders from creating new ETW sessions. X-Force recommends monitoring data-stream health and comparing expected telemetry across ETW sessions to detect the blind spots caused by this kind of Lazarus defense-evasion tradecraft.
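The "absence of noise" check recommended above, as an added example that is not code from the X-Force post: it takes per-interval event counts for each (session, provider) pair, flags providers that were chatty and then went silent while other providers on the host kept flowing, and reports whether every subscribed session lost the stream at once (provider-wide, the shape a nulled provider registration handle would leave) or only one consumer did (session-local). The session names, provider list and counts are constructed sample data; the thresholds are assumptions to tune per host.

```python
# Added example, not from the X-Force post: flag ETW providers whose event
# stream stops while the host is still producing other telemetry, and say
# whether the silence is provider-wide or confined to one consumer session.
from collections import defaultdict
from statistics import mean

def _rows(provider, session, counts):
    return [(i, session, provider, c) for i, c in enumerate(counts, start=1)]

# Constructed sample counts per interval (session and provider names are sample values).
SAMPLE_COUNTS = (
    _rows("Microsoft-Windows-Threat-Intelligence", "edr",   [120, 131, 118, 0, 0, 0])
    + _rows("Microsoft-Windows-Threat-Intelligence", "audit", [119, 128, 121, 0, 0, 0])
    + _rows("Microsoft-Windows-Kernel-Process", "edr",   [40, 45, 38, 42, 44, 39])
    + _rows("Microsoft-Windows-Kernel-Process", "audit", [41, 44, 37, 43, 45, 40])
    + _rows("Microsoft-Windows-Kernel-File", "edr",   [200, 210, 190, 0, 0, 0])
    + _rows("Microsoft-Windows-Kernel-File", "audit", [198, 205, 193, 201, 199, 204])
)

def silent_streak(counts, baseline_window=3, min_baseline=10.0):
    """Trailing zero-count intervals for a provider that was previously chatty
    (mean of the first baseline_window intervals >= min_baseline); else 0."""
    if len(counts) <= baseline_window or mean(counts[:baseline_window]) < min_baseline:
        return 0
    streak = 0
    for c in reversed(counts[baseline_window:]):
        if c != 0:
            break
        streak += 1
    return streak

def classify_blind_spots(rows, min_streak=2):
    """Map provider -> (scope, silent sessions) for providers that went quiet."""
    series = defaultdict(dict)                      # (session, provider) -> {interval: count}
    for interval, session, provider, count in rows:
        series[(session, provider)][interval] = count
    last = max(i for i, *_ in rows)
    if not any(s.get(last, 0) > 0 for s in series.values()):
        return {}                                   # host idle or offline, not a blind spot
    streaks = defaultdict(dict)                     # provider -> session -> streak length
    for (session, provider), by_interval in series.items():
        ordered = [by_interval[i] for i in sorted(by_interval)]
        streaks[provider][session] = silent_streak(ordered)
    findings = {}
    for provider, per_session in streaks.items():
        silent = {s for s, n in per_session.items() if n >= min_streak}
        if silent:
            scope = "provider-wide" if silent == set(per_session) else "session-local"
            findings[provider] = (scope, sorted(silent))
    return findings
```

On the sample data the Threat-Intelligence provider is reported as provider-wide silence and Kernel-File as session-local to the "edr" session, while Kernel-Process is not flagged.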

Indicators of Compromise

Type  Value                              First Seen  Last Seen
HASH  0296e2ce999e67c76352613a718e115…   2022-09-30  2024-09-02
HASH  97c78020eedfcd5611872ad7c57f812…   2022-09-30  2023-03-20
