
Google says North Korea targeted an Internet Explorer zero-day vulnerability

PCHF Bot
Cybersecurity researchers from Google’s Threat Analysis Group (TAG) have discovered a zero-day vulnerability in the Internet Explorer (IE) browser being exploited by a well-known North Korean threat actor.

In a blog post detailing its findings, the group said it spotted APT37 (AKA Erebus) targeting individuals in South Korea with a weaponized Microsoft Word file.

The file is titled “221031 Seoul Yongsan Itaewon accident response situation (06:00).docx”, which is a reference to the recent tragedy that took place in Itaewon, Seoul, during this year’s Halloween celebration, where at least 158 people lost their lives, with another 200 injured. Apparently, the attackers wanted to take advantage of the public and media attention the incident got.

Abusing old flaws


After analyzing the document being distributed, TAG found it downloading a rich text file (RTF) remote template to the target endpoint, which then grabs remote HTML content. Microsoft may have retired Internet Explorer and replaced it with Edge, but Office still renders HTML content using IE, a behavior threat actors have been abusing since at least 2017, TAG said.

Because Office renders HTML content with IE, the attackers can abuse the zero-day they discovered in IE’s JScript engine.



The team found the flaw in “jscript9.dll”, the JavaScript engine of Internet Explorer, which allowed threat actors to execute arbitrary code when rendering a website under their control.

Microsoft was tipped off on October 31, 2022, with the flaw labeled CVE-2022-41128 three days later, and a patch being released on November 8.

While the process so far only compromises the device, TAG did not discover to what end. It did not find APT37’s final payload for this campaign, it said, but added that the group was observed in the past delivering malware such as Rokrat, Bluelight, or Dolphin.


Via: The Verge
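
The first stage described above, a .docx that pulls a remote template, leaves a marker inside the document package: an attachedTemplate relationship whose target points at a remote host. The Python check below is an added example for defenders, not code from TAG or the original article; the function names, the size limit and the sample inputs are assumptions constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

REL_TAG = "{http://schemas.openxmlformats.org/package/2006/relationships}Relationship"
TEMPLATE_TYPE = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/attachedTemplate"
MAX_RELS_BYTES = 1 << 20  # ignore oversized parts (decompression-bomb guard)

def is_remote(target):
    """True for http(s) URLs and UNC / file://host paths, False for local files."""
    if target.startswith("\\\\"):
        return True
    try:
        parts = urlsplit(target)
    except ValueError:
        return True  # unparseable target: surface it for review
    scheme = parts.scheme.lower()
    return scheme in ("http", "https") or (scheme == "file" and bool(parts.netloc))

def find_remote_templates(docx_bytes):
    """Return (part name, target) for each attached template fetched from a remote host."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for info in zf.infolist():
            if not info.filename.endswith(".rels") or info.file_size > MAX_RELS_BYTES:
                continue
            # ElementTree is enough for this demo; prefer a hardened XML parser in a mail pipeline.
            root = ET.fromstring(zf.read(info))
            for rel in root.iter(REL_TAG):
                target = rel.get("Target", "")
                # endswith() also matches the strict-OOXML variant of the relationship type.
                if rel.get("Type", "").endswith("/attachedTemplate") and is_remote(target):
                    hits.append((info.filename, target))
    return hits

def build_sample(target):
    """Constructed minimal package (not a real sample) with one template relationship."""
    rels = (
        '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
        '<Relationship Id="rId1" Type="%s" Target="%s" TargetMode="External"/>'
        "</Relationships>" % (TEMPLATE_TYPE, target)
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/_rels/settings.xml.rels", rels)
    return buf.getvalue()

# Constructed inputs; example.test is a reserved placeholder domain.
REMOTE = build_sample("https://example.test/template.rtf")
LOCAL = build_sample("file:///C:/Templates/Normal.dotm")
```

Locally attached templates also carry TargetMode="External", so the check keys on where the target points rather than on that attribute.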
