North Korea used zero-day vulnerability in Internet Explorer to attack South Korea – Google

North Korea used zero-day vulnerability in Internet Explorer to attack South Korea - Google

Google’s Threat Analysis Group (TAG) reported that North Korea actively exploited a zero-day vulnerability in Internet Explorer in October 2022. The attack was targeted at South Korean users. It was carried out by injecting malware into documents related to the recent mass stampede in Seoul during the Halloween celebration.

Support for Internet Explorer was completely discontinued this summer, and users were advised to switch to Microsoft Edge. However, as TAG explains, Office still uses the IE engine to execute JavaScript. This enabled the attack on computers running Windows 7-11 and Windows Server 2008-2022 that did not have the November 2022 security update installed.

TAG became aware of the vulnerability when malicious Microsoft Office documents titled Seoul Yongsan Itaewon accident response situation (06:00).docx were uploaded to VirusTotal on October 31, 2022. The document used an Internet Explorer zero-day vulnerability in jscript9.dll, the JavaScript engine of Internet Explorer. This vulnerability could be used to deliver malware or malicious code when displaying a site controlled by an attacker.

The attack is believed to be the work of APT37, a group backed by the North Korean government. The group has previously used similar Internet Explorer zero-day exploits in targeted attacks against North Korean defectors, politicians, journalists, human rights activists, and South Korean IE users.



Master Excel in just 1.5 months and increase the efficiency of business processes in your company.


Microsoft reported the vulnerability within hours of its discovery on October 31, and the company patched the vulnerability on November 8.

Source: The Verge

Related Posts

Binance has stopped transferring US dollars since February 8

Binance is introducing a temporary limit on deposits and withdrawals in USD, which will take effect as early as February 8, 2023. We help “We are temporarily…

“Nova Poshta” opened a co-working office in Kyiv

The company “Nova poshta” has started testing a new format of branches in Kyiv. She combined the cargo compartment with a small co-working space for work. Now…

“History of Ukrainian IT” is a new documentary about the development and achievements of the industry over the past 30 years

The Minister of Digital Transformation of Ukraine Mykhailo Fedorov presented a documentary film about the history of Ukrainian IT. In the 46-minute long tape, the direct participants…

Asolytics is the first Ukrainian ASO service for the promotion of applications, which allows you to abandon Russian analogues

The Tonti Laguna team (part of the Netpeak Group of IT companies) launched the first Ukrainian ASO service called Asolytics. The goal of App Store Optimization (ASO)…

Odyssey OLED G8 pre-orders have started in the US — Samsung’s first gaming OLED monitor costs $1,499

Samsung first unveiled the Odyssey OLED G8 at IFA 2022 in August, and it’s the company’s first gaming monitor with a QD-OLED quantum dot display. The 34-inch…

The highest dam in Europe is covered with 5 thousand solar panels – they will produce almost 3.3 GWh of electricity per year

A wall of solar panels has been erected on the lake Muttsee dam in Switzerland as the landlocked country seeks to maximize its production of clean energy…

Leave a Reply

Your email address will not be published. Required fields are marked *