Researchers said the Lazarus Group attacks were the first recorded abuse of the known Dell driver flaw (CVE-2021-21551) in the wild.
The flaw was first reported to Microsoft in 2019, but the company said at the time that it did not consider the issue to be a vulnerability.
Researchers believe that the attackers behind the Anchor malware, the Trickbot gang, have ceased Trickbot operations and are instead focusing on deploying stealthier versions of other malware families.
Researchers have uncovered malware samples that are targeting a local privilege escalation flaw in Windows Installer.
Attackers exploiting the CVE-2021-40444 Windows flaw used infrastructure also known to be associated with a ransomware group.