Security News > 2022 > December > North Korea hits new low by using Seoul Halloween tragedy to exploit Internet Explorer zero-day

North Korea has hit a new low, using the death of over 150 people to exploit a zero-day flaw in Internet Explorer.
South Korea declared a week of national mourning after the incident.
Because Office renders this HTML content using Internet Explorer.
Internet Explorer has of course been deprecated but is still present on many PCs. Quite possibly more PCs in South Korea than elsewhere given some of the nation's government websites relied on legacy Microsoft browser technologies until 2021.
North Korea stands accused of using cyber-ops to steal data, money, and whatever else it can get its hands on.
Far from atypical for North Korea's government, which those of you with a strong stomach can learn about in horrifying detail in this searing United Nations report that details the regime's excesses.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/12/08/north_korea_seoul_tragedy_exploit/
Related news
- XE Hacker Group Exploits VeraCore Zero-Day to Deploy Persistent Web Shells (source)
- I'm a security expert, and I almost fell for a North Korea-style deepfake job applicant …Twice (source)
- North Korea targets crypto developers via NPM supply chain attack (source)
- Bybit declares war on North Korea's Lazarus crime-ring to regain $1.5B stolen from wallet (source)
- FBI officially fingers North Korea for $1.5B Bybit crypto-burglary (source)
- $1.5B Bybit Hack is Linked to North Korea, FBI Says, in Potentially the Largest Crypto Heist Ever (source)
- ⚡ THN Weekly Recap: Alerts on Zero-Day Exploits, AI Breaches, and Crypto Heists (source)
- China, Russia, Iran, and North Korea Intelligence Sharing (source)
- North Korea’s ScarCruft Deploys KoSpy Malware, Spying on Android Users via Fake Utility Apps (source)
- APTs have been using zero-day Windows shortcut exploit for eight years (ZDI-CAN-25373) (source)