Google’s Threat Analysis Group (TAG) today revealed that a group of North Korean hackers tracked as APT37 has exploited a previously unknown vulnerability in Internet Explorer (known as a zero-day) to infect South Korean targets with malware.
Google TAG became aware of this latest attack on October 31, when multiple VirusTotal users from South Korea downloaded a malicious Microsoft Office document named “221031 Seoul Yongsan Itaewon accident response scenario (06:00).docx”.
Once opened on victims’ devices, the document would deliver an unknown payload after downloading a remote Rich Text File (RTF) template that would render the HTML remotely using Internet Explorer.
Remotely loading the HTML content that delivered the exploit allowed the attackers to exploit the IE zero-day even when the targets were not using it as their default web browser.
The vulnerability (tracked as CVE-2022-41128) is due to a weakness in Internet Explorer’s JavaScript engine, which allows hackers who successfully exploit it to execute arbitrary code when rendering a maliciously crafted website.
Microsoft patched it in last month’s Patch Tuesday, on November 8, five days after assigning it a CVE following a TAG report received on October 31.

No information about the malware delivered to victims’ devices
While Google TAG was unable to analyze the final malicious payload distributed by the North Korean hackers on their South Korean targets’ computers, the threat actors are known to deploy a wide range of malware in their attacks.
“Although we did not pick up a final payload for this campaign, we have already observed the same group delivering a variety of implants like ROKRAT, BLUELIGHT and DOLPHIN,” said Clément Lecigne and Benoît Sevens of Google TAG.
“APT37 implants typically abuse legitimate cloud services as a C2 channel and provide functionality typical of most backdoors.”
APT37 has been active for about a decade, since at least 2012, and was previously tied to the North Korean government with high confidence by FireEye.
The threat group is known to focus its attacks on people of interest to the North Korean regime, including dissidents, diplomats, journalists, human rights activists and government employees.
Source: https://information.google.com/__i/rss/rd/articles/CBMicWh0dHBzOi8vd3d3LmJsZWVwaW5nY29tcHV0ZXIuY29tL25ld3Mvc2VjdXJpdHkvZ29vZ2xlLXN0YXRlLWhhY2tlcnMtc3RpbGwtZXhwbG9pdGluZy1pbnRlcm5ldC1leHBsb3Jlci16ZXJvLWRheXMv0gF1aHR0cHM6Ly93d3cuYmxlZXBpbmdjb21wdXRlci5jb20vbmV3cy9zZWN1cml0eS9nb29nbGUtc3RhdGUtaGFja2Vycy1zdGlsbC1leHBsb2l0aW5nLWludGVybmV0LWV4cGxvcmVyLXplcm8tZGF5cy9hbXAv?oc=5