Security News > 2022 > December > Google: State hackers still exploiting Internet Explorer zero-days
Google's Threat Analysis Group revealed today that a group of North Korean hackers tracked as APT37 exploited a previously unknown Internet Explorer vulnerability to infect South Korean targets with malware.
Once opened on the victims' devices, the document would deliver an unknown payload after downloading a rich text file remote template that would render remote HTML using Internet Explorer.
The vulnerability is due to a weakness in the JavaScript engine of Internet Explorer, which allows threat actors who successfully exploit it to execute arbitrary code when rendering a maliciously crafted website.
While Google TAG couldn't analyze the final malicious payload distributed by the North Korean hackers on their South Korean targets' computers, the threat actors are known for deploying a wide range of malware in their attacks.
"Although we did not recover a final payload for this campaign, we've previously observed the same group deliver a variety of implants like ROKRAT, BLUELIGHT, and DOLPHIN," Google TAG's Clement Lecigne and Benoit Stevens said.
The threat group is known for focusing its attacks on individuals of interest to the North Korean regime, including dissidents, diplomats, journalists, human rights activists, and government employees.
News URL
Related news
- Hackers target critical zero-day vulnerability in PTZ cameras (source)
- Google’s AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine (source)
- Google fixes two Android zero-days used in targeted attacks (source)
- Chinese hackers exploit Fortinet VPN zero-day to steal credentials (source)
- RomCom hackers chained Firefox and Windows zero-days to deliver backdoor (source)
- Firefox and Windows zero-days exploited by Russian RomCom hackers (source)
- U.S. Charges Chinese Hacker for Exploiting Zero-Day in 81,000 Sophos Firewalls (source)