Google’s Threat Analysis Group (TAG) reported that North Korea actively exploited a zero-day vulnerability in Internet Explorer in October 2022. The attack was targeted at South Korean users. It was carried out by injecting malware into documents related to the recent mass stampede in Seoul during the Halloween celebration.

Support for Internet Explorer was completely discontinued this summer, and users were advised to switch to Microsoft Edge. However, as TAG explains, Office still uses the IE engine to execute JavaScript. This enabled the attack on computers running Windows 7-11 and Windows Server 2008-2022 that did not have the November 2022 security update installed.

TAG became aware of the vulnerability when malicious Microsoft Office documents titled Seoul Yongsan Itaewon accident response situation (06:00).docx were uploaded to VirusTotal on October 31, 2022. The document used an Internet Explorer zero-day vulnerability in jscript9.dll, the JavaScript engine of Internet Explorer. This vulnerability could be used to deliver malware or malicious code when displaying a site controlled by an attacker.

The attack is believed to be the work of APT37, a group backed by the North Korean government. The group has previously used similar Internet Explorer zero-day exploits in targeted attacks against North Korean defectors, politicians, journalists, human rights activists, and South Korean IE users.

Course

EXCEL FOR BUSINESS

Master Excel in just 1.5 months and increase the efficiency of business processes in your company.

REGISTER!

Microsoft reported the vulnerability within hours of its discovery on October 31, and the company patched the vulnerability on November 8.

Source: The Verge