Security News > 2022 > December > Google: State hackers still exploiting Internet Explorer zero-days

Google's Threat Analysis Group revealed today that a group of North Korean hackers tracked as APT37 exploited a previously unknown Internet Explorer vulnerability to infect South Korean targets with malware.
Once opened on the victims' devices, the document would deliver an unknown payload after downloading a rich text file remote template that would render remote HTML using Internet Explorer.
The vulnerability is due to a weakness in the JavaScript engine of Internet Explorer, which allows threat actors who successfully exploit it to execute arbitrary code when rendering a maliciously crafted website.
While Google TAG couldn't analyze the final malicious payload distributed by the North Korean hackers on their South Korean targets' computers, the threat actors are known for deploying a wide range of malware in their attacks.
"Although we did not recover a final payload for this campaign, we've previously observed the same group deliver a variety of implants like ROKRAT, BLUELIGHT, and DOLPHIN," Google TAG's Clement Lecigne and Benoit Stevens said.
The threat group is known for focusing its attacks on individuals of interest to the North Korean regime, including dissidents, diplomats, journalists, human rights activists, and government employees.
News URL
Related news
- Google fixes Android zero-day exploited by Serbian authorities (source)
- Google fixes Chrome zero-day exploited in espionage campaign (source)
- Google fixes exploited Chrome sandbox bypass zero-day (CVE-2025-2783) (source)
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)
- North Korean Hackers Disguised as IT Workers Targeting UK, European Companies, Google Finds (source)
- Google fixes Android zero-days exploited in attacks, 60 other flaws (source)
- Google’s Sec-Gemini v1 Takes on Hackers & Outperforms Rivals by 11% (source)