North Korean hackers used an IE vulnerability to target South Koreans after Halloween tragedy




  • In World
  • 2022-12-07 18:51:59Z
  • By Engadget
 

In the aftermath of the Itaewon Halloween crowd crush that killed at least 158 people, North Korea's APT37 state-sponsored hacking group took advantage of a previously unknown Internet Explorer vulnerability to install malware on the devices of South Koreans who were trying to find out about the tragedy, according to Google's Threat Analysis Group. The team became aware of the recent attack on October 31st after multiple South Koreans uploaded a malicious Microsoft Office document to the company's VirusTotal tool.

APT37 took advantage of national interest in the Itaewon tragedy by referencing the event in an official-looking document. Once someone opened the doc on their device, it would download a rich text file remote template that would, in turn, render remote HTML using Internet Explorer. According to Google, this is a technique that has been widely used to distribute exploits since 2017, as it allows hackers to take advantage of vulnerabilities in Internet Explorer even if someone isn't using IE as their default web browser.

The JavaScript vulnerability APT37 took advantage of allowed the group to execute arbitrary code. Google informed Microsoft of the zero-day on the same day it became aware of it. On November 8th, Microsoft released a software update to address the exploit. "We'd be remiss if we did not acknowledge the quick response and patching of this vulnerability by the Microsoft team," Google said.

While the TAG team didn't get a chance to analyze the final malware APT37 hackers attempted to deploy against their targets, it notes the group is known for using a wide variety of malicious software, including ROKRAT, BLUELIGHT and DOLPHIN. "TAG also identified other documents likely exploiting the same vulnerability and with similar targeting, which may be part of the same campaign," the team added.

This isn't the first time Google's Threat Analysis Group has thwarted an attack by North Korean hackers. At the start of 2021, the team detailed a campaign that targeted security researchers. More recently, the team worked with the Chrome team to address a vulnerability that was used by two North Korean hacking cadres to execute remote code.

COMMENTS

More Related News

North Korean leader Kim encourages troops with daughter
North Korean leader Kim encourages troops with daughter
  • World
  • 2023-02-08 01:22:23Z

North Korean leader Kim Jong Un lauded the "irresistible might" of his nuclear-armed military as he visited troops with his daughter to mark the 75th...

North Korea Readies Military Parade as Kim Boosts Nuclear Arms
North Korea Readies Military Parade as Kim Boosts Nuclear Arms
  • World
  • 2023-02-08 00:17:15Z

(Bloomberg) -- North Korea appears to be staging its first military parade in almost a year, providing leader Kim Jong Un a platform to show off his latest...

Cybercriminals swiped nearly $4 billion in cryptocurrency last year
Cybercriminals swiped nearly $4 billion in cryptocurrency last year
  • World
  • 2023-02-07 23:25:00Z

Criminals with ties to North Korea helped create "the biggest year ever for crypto hacking" in 2022, according to Chainalysis.

Kim Jong-un orders N. Korean military to prepare for war after month-long absence
Kim Jong-un orders N. Korean military to prepare for war after month-long absence
  • World
  • 2023-02-07 22:22:50Z

The North Korean leader ordered his military to expand combat exercises and intensify their operation and combat drills as tensions have risen in the Korean ...

Microsoft to revamp its web browser and search engine with more AI, as Google rivalry heats up
Microsoft to revamp its web browser and search engine with more AI, as Google rivalry heats up

Microsoft Corp is revamping its Bing search engine and Edge web browser with artificial intelligence, the company said on Tuesday, in one of its biggest...

Leave a Comment

Your email address will not be published. Required fields are marked with *

Cancel reply

Comments

Top News: World