RIG Exploit Kit still infects enterprise users via Internet Explorer


Level 78
Thread author
Honorary Member
Top Poster
Content Creator
Apr 24, 2016
The RIG Exploit Kit is undergoing its most successful period, attempting roughly 2,000 intrusions daily and succeeding in about 30% of cases, the highest ratio in the service's long operational history.

By exploiting relatively old Internet Explorer vulnerabilities, RIG EK has been seen distributing various malware families, including Dridex, SmokeLoader, and RaccoonStealer.

According to a detailed report by Prodaft, whose researchers gained access to the service's backend web panel, the exploit kit remains a significant large-scale threat to individuals and organizations.
Prodaft says RIG EK currently targets 207 countries, launching an average of 2,000 attacks per day and having a current success rate of 30%. This rate was 22% before the exploit kit resurfaced with two new exploits, says Prodaft.

As the heatmap published in the report shows, the most impacted countries are Germany, Italy, France, Russia, Turkey, Saudi Arabia, Egypt, Algeria, Mexico, and Brazil. However, there are victims worldwide.

The highest success rate is brought by CVE-2021-26411, achieving a 45% successful exploitation ratio, followed by CVE-2016-0189 with 29% and CVE-2019-0752 with 10%.

CVE-2021-26411 is a high-severity memory corruption flaw in Internet Explorer that Microsoft fixed in March 2021, triggered by viewing a maliciously crafted website.

The CVE-2016-0189 and CVE-2019-0752 vulnerabilities are also in Internet Explorer, allowing remote code execution in the browser.

CISA published an active exploitation alert for CVE-2019-0752 in February 2022, warning system administrators the vulnerability is still being exploited and to apply available security updates.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.