Security News > 2022 > December > Google: State hackers still exploiting Internet Explorer zero-days
Google's Threat Analysis Group revealed today that a group of North Korean hackers tracked as APT37 exploited a previously unknown Internet Explorer vulnerability to infect South Korean targets with malware.
Once opened on the victims' devices, the document would deliver an unknown payload after downloading a rich text file remote template that would render remote HTML using Internet Explorer.
The vulnerability is due to a weakness in the JavaScript engine of Internet Explorer, which allows threat actors who successfully exploit it to execute arbitrary code when rendering a maliciously crafted website.
While Google TAG couldn't analyze the final malicious payload distributed by the North Korean hackers on their South Korean targets' computers, the threat actors are known for deploying a wide range of malware in their attacks.
"Although we did not recover a final payload for this campaign, we've previously observed the same group deliver a variety of implants like ROKRAT, BLUELIGHT, and DOLPHIN," Google TAG's Clement Lecigne and Benoit Stevens said.
The threat group is known for focusing its attacks on individuals of interest to the North Korean regime, including dissidents, diplomats, journalists, human rights activists, and government employees.
News URL
Related news
- Hackers Using Sneaky HTML Smuggling to Deliver Malware via Fake Google Sites (source)
- Hackers earn $1,132,500 for 29 zero-days at Pwn2Own Vancouver (source)
- Google: Spyware vendors behind 50% of zero-days exploited in 2023 (source)
- Miscreants are exploiting enterprise tech zero days more and more, Google warns (source)
- Google fixes Chrome zero-days exploited at Pwn2Own 2024 (source)
- Zero-day exploitation surged in 2023, Google finds (source)
- Google fixes two Pixel zero-day flaws exploited by forensics firms (source)
- Google Warns: Android Zero-Day Flaws in Pixel Phones Exploited by Forensic Companies (source)
- Google fixes one more Chrome zero-day exploited at Pwn2Own (source)
- Hackers Deploy Python Backdoor in Palo Alto Zero-Day Attack (source)