Hacking group also used an IE zero-day against security researchers (February 2021)
An Internet Explorer zero-day vulnerability has been discovered in use in recent North Korean attacks against security and vulnerability researchers.
Last month, Google disclosed that the North Korean state-sponsored hacking group known as Lazarus was conducting social engineering attacks against security researchers.
To perform their attacks, the threat actors created elaborate online 'security researcher' personas that would then use social media to contact well-known security researchers to collaborate on vulnerability and exploit development.
Today, South Korean cybersecurity firm ENKI reported that Lazarus targeted security researchers on their team with MHTML files in this social engineering campaign.
The MHT file sent to ENKI researchers contained what was allegedly a Chrome 85 RCE exploit and was named 'Chrome 85 RCE Full Exploit Code.mht'.
Acros CEO and 0patch co-founder Mitja Kolsek told BleepingComputer that he was able to reproduce the Internet Explorer zero-day PoC reported by ENKI. Based on tweets from other security researchers, ENKI told BleepingComputer that they believe other researchers know of this IE 11 zero-day.