Monday, January 30, 2023

North Korean hackers exploited Internet Explorer zero-day to spread malware • londonbusinessblog.com

Shreya Christina, https://londonbusinessblog.com
Shreya has been with londonbusinessblog.com for 3 years, writing copy for client websites, blog posts, EDMs and other mediums to engage readers and encourage action. By collaborating with clients, our SEO manager and the wider londonbusinessblog.com team, Shreya seeks to understand an audience before creating memorable, persuasive copy.

North Korean state-sponsored hackers exploited a previously unknown zero-day vulnerability in Internet Explorer to target South Korean users with malware, according to Google’s Threat Analysis Group.

Google researchers first discovered the zero-day flaw on Oct. 31, when several individuals uploaded a malicious Microsoft Office document to the company's VirusTotal tool. The documents posed as government reports on the Itaewon tragedy, a crowd crush that occurred during Halloween festivities in Seoul's Itaewon neighborhood. At least 158 people were killed and 196 others were injured.

“This incident was widely publicized and the lure is benefiting from widespread public interest in the accident,” said Google TAG’s Clement Lecigne and Benoit Stevens on Wednesday.

The malicious documents are designed to exploit a zero-day vulnerability in Internet Explorer’s scripting engine, tracked as CVE-2022-41128 with a CVSS severity score of 8.8. Once opened, the document would deliver an unknown payload after downloading a rich text file (RTF) remote template that would display remote HTML using Internet Explorer. Although Internet Explorer was officially retired in June and replaced by Microsoft Edge, Office still uses the IE engine to execute the JavaScript that enables the attack.

“This technique has been widely used since 2017 to distribute IE exploits through Office files,” said Lecigne and Stevens. “Delivering IE exploits through this vector has the advantage that the target does not require Internet Explorer to be used as the default browser.”

The researchers added that Google reported the vulnerability to Microsoft on Oct. 31, and Microsoft patched it a week later as part of its November 2022 Patch Tuesday security updates.

Google has attributed the activity to a North Korean-backed hacking group known as APT37, which has been active since at least 2012 and has previously been observed exploiting zero-day flaws to target South Korean users, North Korean defectors, policymakers, journalists and human rights activists. Cybersecurity firm FireEye previously said it judged with “high confidence” that APT37 activity is conducted on behalf of the North Korean government, noting that the group’s primary mission is “covert intelligence gathering in support of strategic military, political and economic interests of North Korea.”

While Google researchers didn’t get a chance to analyze the malware APT37 hackers tried to deploy against their targets, they note that the group is known for using a wide variety of malicious software.

“While we have not recovered a definitive shipment for this campaign, we have previously seen the same group deliver several implants such as ROKRAT, BLUELIGHT and DOLPHIN,” said Lecigne and Stevens. “APT37 implants typically exploit legitimate cloud services as a C2 channel and provide capabilities typical of most backdoors.”

The Google TAG investigation comes after researchers from threat intelligence firm Cisco Talos revealed that the North Korean state-sponsored Lazarus hacking group – also known as APT38 – is exploiting the Log4Shell vulnerability to target energy suppliers in the United States, Canada and Japan.
