IE is still a vector: South Koreans lured in with references to the deadly Halloween celebration crowd crush in Seoul last October.
North Korean threat group APT37 was able to exploit an Internet Explorer zero-day vulnerability to deploy documents loaded with malware as part of its ongoing campaign targeting users in South Korea, including defectors, journalists, and human rights groups.
Google's Threat Analysis Group (TAG) found the zero-day flaw in the Internet Explorer JScript engine in late October, tracked under CVE-2022-41128, and now reports that Microsoft was responsive and has issued applicable patches.
To lure in potential victims, the malicious documents referenced the deadly crowd crushing incident in Seoul that happened during Halloween celebrations on Oct. 29.
"This incident was widely reported on, and the lure takes advantage of widespread public interest in the accident," the TAG team reported. "This is not not the first time APT37 has used Internet Explorer 0-day exploits to target users."
About the Author(s)
You May Also Like
Defending Against Today's Threat Landscape with MDR
April 18, 2024The fuel in the new AI race: Data
April 23, 2024Securing Code in the Age of AI
April 24, 2024Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024