North Korean hackers used an IE vulnerability to target South Koreans after Halloween tragedy

In the aftermath of the Itaewon tragedy that killed at least 158 people, North Korea’s APT37 state-sponsored hacking group took advantage of a previously unknown Internet Explorer vulnerability to install malware on the devices of South Koreans who were trying to find out about the tragedy, according to Google’s Threat Analysis Group (TAG). The team became aware of the recent attack on October 31st after multiple South Koreans uploaded a malicious Microsoft Office document to the company’s tool.

APT37 took advantage of national interest in the Itaewon tragedy by referencing the event in an official-looking document. Once someone opened the document on their device, it would download a rich text file remote template that would, in turn, render remote HTML using Internet Explorer. According to Google, this is a technique that has been widely used to distribute exploits since 2017, as it allows hackers to take advantage of vulnerabilities in Internet Explorer even if someone isn’t using IE as their default web browser.

The JavaScript vulnerability APT37 took advantage of allowed the group to execute arbitrary code. Google informed Microsoft of the zero-day on the same day it became aware of it. On November 8th, Microsoft released a software update to address the exploit. “We’d be remiss if we didn’t acknowledge the quick response and patching of this vulnerability by the Microsoft team,” Google said.

While the TAG team didn’t get a chance to analyze the final malware APT37 hackers tried to deploy against their targets, it notes the group is known for using a wide variety of malicious software, including ROKRAT, BLUELIGHT and DOLPHIN. “TAG also identified other documents likely exploiting the same vulnerability and with similar targeting, which may be part of the same campaign,” the team added.

This isn’t the first time Google’s Threat Analysis Group has thwarted an attack by North Korean hackers. At the start of 2021, the team detailed a campaign that . More recently, the team worked with the Chrome team to address a vulnerability that was used by two North Korean hacking cadres to execute remote code.

