Google: State hackers still exploiting Internet Explorer zero-days

Gandalf_The_Grey

Level 83
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,364
Google's Threat Analysis Group (TAG) revealed today that a group of North Korean hackers tracked as APT37 exploited a previously unknown Internet Explorer vulnerability (known as a zero-day) to infect South Korean targets with malware.

Google TAG was made aware of this recent attack on October 31 when multiple VirusTotal submitters from South Korea uploaded a malicious Microsoft Office document named "221031 Seoul Yongsan Itaewon accident response situation (06:00).docx."

Once opened on the victims' devices, the document would deliver an unknown payload after downloading a rich text file (RTF) remote template that would render remote HTML using Internet Explorer.

Loading the HTML content that delivered the exploit remotely allows the attackers to exploit the IE zero-day even if the targets weren't using it as their default web browser.

The vulnerability (tracked as CVE-2022-41128) is due to a weakness in the JavaScript engine of Internet Explorer, which allows threat actors who successfully exploit it to execute arbitrary code when rendering a maliciously crafted website.

Microsoft patched it during last month's Patch Tuesday, on November 8, five days after assigning it a CVE ID following a report from TAG received on October 31.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top