The Internet Explorer web browser was officially retired back in June of this year and has since been replaced by Microsoft Edge. However, as TAG’s technical analysis explains, Office still uses the IE engine to execute the JavaScript that enables the attack, which is why it worked on Windows 7 through 11 and Windows Server 2008 through 2022 machines that hadn’t installed the November 2022 security updates.
TAG became aware of the vulnerability when malicious Microsoft Office documents titled “221031 Seoul Yongsan Itaewon accident response situation (06:00).docx” were uploaded to VirusTotal on October 31st, 2022. The documents took advantage of widespread publicity over the tragedy in Itaewon on October 29th, in which 151 people lost their lives in a crowd crush during a Halloween celebration in Seoul.
The attack is believed to be the work of a group of North Korean government-backed actors known as APT37
The document exploited an Internet Explorer zero-day vulnerability found in “jscript9.dll,” the JavaScript engine of Internet Explorer, which could be used to deliver malware or malicious code when rendering a website controlled by the attacker. TAG attributes the attack to a group of North Korean government-backed actors known as APT37, which has previously used similar Internet Explorer zero-day exploits in targeted attacks against North Korean defectors, policymakers, journalists, human rights activists, and South Korean IE users in general.
TAG says in the blog post that it “did not recover a final payload for this campaign” but notes that it previously observed APT37 using similar exploits to deliver malware such as Rokrat, Bluelight, and Dolphin. In this instance, the vulnerability was reported to Microsoft within hours of its discovery on October 31st and was patched on November 8th.