In the aftermath of the Itaewon tragedy that killed at least 158 people, North Korea's APT37 state-sponsored hacking group took advantage of a previously unknown Internet Explorer vulnerability to install malware on the devices of South Koreans who were seeking information about the tragedy, according to Google's Threat Analysis Group (TAG). The team became aware of the attack on October 31st after several South Koreans uploaded a malicious Microsoft Office document to the company's tool.
APT37 took advantage of national interest in the Itaewon tragedy by referencing the event in an official-looking document. Once someone opened the document on their device, it would download a rich text file (RTF) remote template that would, in turn, render remote HTML using Internet Explorer. According to Google, this is a technique that has been widely used to distribute exploits since 2017, because it lets attackers take advantage of vulnerabilities in Internet Explorer even when the victim isn't using IE as their default web browser.
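A defender triaging submitted documents for the two-stage chain described above (Office document with an external attached template, then an RTF that points at remote content) can check both stages with the heuristic below. This is an added example with constructed samples, not code from Google TAG or the article; the sample URL is a placeholder, and a hit only means the document fetches a template from a URL, which some legitimate corporate documents also do.

```python
# Heuristic detector for the remote-template chain described above.
# Added example with constructed samples; not code from Google TAG or the article.
import io
import re
import zipfile

REL_TAG = re.compile(rb"<Relationship\b[^>]*>", re.I)
RTF_TEMPLATE = re.compile(rb"\\template\s*(https?://[^}\s]+)", re.I)


def _attr(tag: bytes, name: bytes) -> bytes:
    """Pull one XML attribute value out of a Relationship tag (order-independent)."""
    m = re.search(rb"\b" + name + rb'="([^"]*)"', tag, re.I)
    return m.group(1) if m else b""


def docx_remote_template(data: bytes):
    """Return the external attachedTemplate URL of a DOCX, or None.
    Word reads word/_rels/settings.xml.rels when the file opens; an
    attachedTemplate relationship with TargetMode="External" is fetched
    from that URL, which is the first stage of the chain."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            if "word/_rels/settings.xml.rels" not in z.namelist():
                return None
            rels = z.read("word/_rels/settings.xml.rels")
    except zipfile.BadZipFile:
        return None
    for tag in REL_TAG.findall(rels):
        if (_attr(tag, b"Type").endswith(b"/attachedTemplate")
                and _attr(tag, b"TargetMode").lower() == b"external"):
            return _attr(tag, b"Target").decode(errors="replace")
    return None


def rtf_remote_template(data: bytes):
    """Return a remote URL named by an RTF \\template control word, or None.
    This covers the second stage: the downloaded RTF itself points elsewhere."""
    if not data.lstrip().startswith(b"{\\rtf"):
        return None
    m = RTF_TEMPLATE.search(data)
    return m.group(1).decode(errors="replace") if m else None


def build_sample_docx(url: bytes) -> bytes:
    """Constructed minimal DOCX carrying an external attachedTemplate (for testing)."""
    rels = (b'<Relationships><Relationship Id="rId1" Target="' + url + b'" '
            b'Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/attachedTemplate" '
            b'TargetMode="External"/></Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", "<w:document/>")
        z.writestr("word/_rels/settings.xml.rels", rels)
    return buf.getvalue()
```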
The JavaScript vulnerability APT37 took advantage of allowed the group to execute arbitrary code. Google informed Microsoft of the zero-day on the same day it became aware of it. On November 8th, Microsoft released a software update to address the exploit. "We'd be remiss if we didn't acknowledge the quick response and patching of this vulnerability by the Microsoft team," Google said.
While the TAG team didn't get a chance to analyze the final malware APT37 hackers tried to deploy against their targets, it notes the group is known for using a wide variety of malicious software, including ROKRAT, BLUELIGHT and DOLPHIN. "TAG also identified other documents likely exploiting the same vulnerability and with similar targeting, which may be part of the same campaign," the team added.
This isn't the first time Google's Threat Analysis Group has thwarted an attack by North Korean hackers. At the start of 2021, the team detailed a campaign that . More recently, the team worked with the Chrome team to address a vulnerability that was used by two North Korean hacking groups to execute remote code.