Security News > 2022 > December > Google: State hackers still exploiting Internet Explorer zero-days

Google's Threat Analysis Group revealed today that a group of North Korean hackers tracked as APT37 exploited a previously unknown Internet Explorer vulnerability to infect South Korean targets with malware.
Once opened on the victims' devices, the document would deliver an unknown payload after downloading a rich text file remote template that would render remote HTML using Internet Explorer.
The vulnerability is due to a weakness in the JavaScript engine of Internet Explorer, which allows threat actors who successfully exploit it to execute arbitrary code when rendering a maliciously crafted website.
While Google TAG couldn't analyze the final malicious payload distributed by the North Korean hackers on their South Korean targets' computers, the threat actors are known for deploying a wide range of malware in their attacks.
"Although we did not recover a final payload for this campaign, we've previously observed the same group deliver a variety of implants like ROKRAT, BLUELIGHT, and DOLPHIN," Google TAG's Clement Lecigne and Benoit Stevens said.
The threat group is known for focusing its attacks on individuals of interest to the North Korean regime, including dissidents, diplomats, journalists, human rights activists, and government employees.
News URL
Related news
- Google fixes Android kernel zero-day exploited in attacks (source)
- XE Hacker Group Exploits VeraCore Zero-Day to Deploy Persistent Web Shells (source)
- Hackers Exploit Google Tag Manager to Deploy Credit Card Skimmers on Magento Stores (source)
- Google fixes Android zero-day exploited by Serbian authorities (source)
- Google fixes Chrome zero-day exploited in espionage campaign (source)
- Google fixes exploited Chrome sandbox bypass zero-day (CVE-2025-2783) (source)
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)