North Korean state-backed hackers have been tied to an attack that exploited an Internet Explorer zero-day vulnerability, according to Google's Threat Analysis Group (TAG), which first disclosed the activity publicly.
The exploit is reported to have been used mainly by North Korean operators against victims in South Korea.
A zero-day vulnerability is a flaw in a system or device that is exploited before the vendor has released a patch for it, often before the vendor even knows it exists. An exploit that targets such a flaw is known as a zero-day exploit. The suspected attackers delivered malware through the Internet Explorer zero-day by disguising the carrier document as a report on a then-current, controversial event.
Google's Threat Analysis Group (TAG) identified the vulnerability in late October. It was embedded in malicious documents and used to target people in South Korea. TAG attributes this activity to APT37, a group of actors backed by the North Korean government.
The malicious documents exploited CVE-2022-41128, an Internet Explorer 0-day in the browser's JScript engine.
TAG notes that APT37 has used Internet Explorer 0-day exploits against victims before. The group has historically targeted South Korean users, North Korean defectors, policy makers, journalists, and human rights advocates.
Hackers Lure Victims With Fake Itaewon Incident Documents
TAG learned of the new threat when multiple submitters in South Korea uploaded a Microsoft Office document to VirusTotal in late October.
According to Clement Lecigne and Benoit Sevens of the Google TAG team, this technique of delivering IE exploits through Office files has been in use since 2017.
Because Office renders the remote HTML content that such a document fetches with the Internet Explorer engine, this vector delivers IE exploits even when the victim does not use Internet Explorer as their primary browser, and it does not need to be chained with an EPM (Enhanced Protected Mode) sandbox escape.
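A check a defender can run over Office files like the one described above: an OOXML document that reaches out to a remote server does so through a relationship with TargetMode="External" in one of its .rels parts, and a remote attachedTemplate relationship is the usual way a lure document pulls in content that Office then renders with the IE engine. The script below is an added example, not code from TAG or from the article; it assumes the lure uses that remote-template mechanism, and the URL, file names and the minimal .docx it builds in memory are all constructed for illustration.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
ATTACHED_TEMPLATE = ("http://schemas.openxmlformats.org/officeDocument/2006/"
                     "relationships/attachedTemplate")
# Targets that make Office reach outside the file: http(s), file:// and UNC paths.
REMOTE_TARGET = re.compile(r"(?i)^(?:https?://|file://|\\\\)")


def build_docx(remote_template=None):
    """Construct a minimal .docx in memory (hypothetical sample, not a real lure).

    With remote_template set, word/settings.xml gets a w:attachedTemplate whose
    relationship is TargetMode="External", so Word fetches the template from that
    URL when the document is opened.
    """
    parts = {
        "[Content_Types].xml":
            '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
            '<Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/>'
            '<Default Extension="xml" ContentType="application/xml"/>'
            '<Override PartName="/word/document.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>'
            '<Override PartName="/word/settings.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.settings+xml"/>'
            '</Types>',
        "_rels/.rels":
            f'<Relationships xmlns="{REL_NS}">'
            '<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/officeDocument" Target="word/document.xml"/>'
            '</Relationships>',
        "word/document.xml":
            '<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main">'
            '<w:body><w:p><w:r><w:t>Incident report (constructed sample text)</w:t></w:r></w:p></w:body>'
            '</w:document>',
        "word/_rels/document.xml.rels":
            f'<Relationships xmlns="{REL_NS}">'
            '<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/settings" Target="settings.xml"/>'
            '</Relationships>',
        "word/settings.xml":
            '<w:settings xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main"/>',
    }
    if remote_template:
        parts["word/settings.xml"] = (
            '<w:settings xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main" '
            'xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships">'
            '<w:attachedTemplate r:id="rId1"/></w:settings>')
        parts["word/_rels/settings.xml.rels"] = (
            f'<Relationships xmlns="{REL_NS}">'
            f'<Relationship Id="rId1" Type="{ATTACHED_TEMPLATE}" '
            f'Target="{remote_template}" TargetMode="External"/>'
            '</Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in parts.items():
            zf.writestr(name, data)
    return buf.getvalue()


def find_external_targets(docx_bytes):
    """Return [(rels_part, relationship_type, target)] for every relationship in the
    package that points outside the file. Any hit deserves a look; an external
    attachedTemplate is the classic remote-template-injection pattern."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(zf.read(name))
            for rel in root.iter(f"{{{REL_NS}}}Relationship"):
                target = rel.get("Target", "")
                if rel.get("TargetMode") == "External" and REMOTE_TARGET.match(target):
                    hits.append((name, rel.get("Type", ""), target))
    return hits


def is_remote_template_doc(docx_bytes):
    """True if the package pulls its template from a remote location."""
    return any(rel_type == ATTACHED_TEMPLATE
               for _part, rel_type, _target in find_external_targets(docx_bytes))


if __name__ == "__main__":
    # Constructed samples: a benign document and one with a remote template.
    for label, doc in (("benign", build_docx()),
                       ("lure", build_docx("http://example.invalid/report.dotm"))):
        print(label, is_remote_template_doc(doc), find_external_targets(doc))
```

The same scan works on real files: read the .docx bytes from disk and pass them to find_external_targets. It reports every outbound relationship, not only templates, so remote OLE objects and external images also surface for triage; it does not inspect the fetched content itself, which is where the IE exploit would live.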