Security News > 2021 > February > Hacking group also used an IE zero-day against security researchers

An Internet Explorer zero-day vulnerability has been discovered used in recent North Korean attacks against security and vulnerability researchers.

Last month, Google disclosed that the North Korean state-sponsored hacking group known as Lazarus was conducting social engineering attacks against security researchers.

To perform their attacks, the threat actors created elaborate online 'security researcher' personas that would then use social media to contact well-known security researchers to collaborate on vulnerability and exploit development.

Today, South Korean cybersecurity firm ENKI reported that Lazarus targeted security researchers on their team with MHTML files in this social engineering campaign.

The MHT file sent to ENKI researchers contained what was allegedly a Chrome 85 RCE exploit and was named 'Chrome 85 RCE Full Exploit Code.mht.

Acros CEO and 0patch co-founder Mitja Kolsek told BleepingComputer that he was able to reproduce the Internet Explorer zero-day PoC reported by ENKI. Based on tweets from other security researchers, ENKI told BleepingComputer that they believe other researchers know of this IE 11 zero-day.

News URL

https://www.bleepingcomputer.com/news/security/hacking-group-also-used-an-ie-zero-day-against-security-researchers/