Cybersecurity researchers from Google’s Threat Analysis Group (TAG) have discovered a zero-day vulnerability in the Internet Explorer (IE) browser (opens in new tab) being exploited by a well-known North Korean threat actor.
In a blog post (opens in new tab) detailing its findings, the group said it spotted the APT37 (AKA Erebus) group, targeting individuals in South Korea with a weaponized Microsoft Word file.
The file is titled “221031 Seoul Yongsan Itaewon accident response situation (06:00).docx”, which is a reference to the recent tragedy that took place in Itaewon, Seoul, during this year’s Halloween celebration, where at least 158 people lost their lives, with another 200 injured. Apparently, the attackers wanted to take advantage of the public and media attention the incident got.
Abusing old flaws
After analyzing the document being distributed, TAG found it downloading a rich text file (RTF) remote template to the target endpoint, which then grabs remote HTML content. Microsoft may have retired Internet Explorer and replaced it with Edge, but Office still renders HTML content using IE, which is a known fact threat actors have been abusing since at least 2017, TAG said.
Now that Office renders HTML content with IE, the attackers can abuse the zero-day they discovered in IE’s JScript engine.
The team found the flaw in “jscript9.dll”, the JavaScript engine of Internet Explorer, which allowed threat actors to execute arbitrary code when rendering a website under their control.
Microsoft was tipped off on October 31 2022, with the flaw labeled CVE-2022-41128 three days later, and a patch being released on November 8.
While the process so far only compromises the device, TAG did not discover to what end. It did not find the final APT37’s payload for this campaign, it said, but added that the group was observed in the past delivering malware such as Rokrat, Bluelight, or Dolphin.
Via: The Verge (opens in new tab)
English
Arabic
Belarusian
Bengali
Bosnian
Bulgarian
Chinese (Simplified)
Croatian
Czech
Danish
Dutch
Estonian
Filipino
Finnish
French
Georgian
German
Greek
Gujarati
Hausa
Hebrew
Hindi
Hmong
Hungarian
Igbo
Indonesian
Italian
Japanese
Javanese
Kazakh
Korean
Kurdish (Kurmanji)
Kyrgyz
Lao
Latvian
Lithuanian
Macedonian
Malagasy
Norwegian
Persian
Polish
Portuguese
Punjabi
Romanian
Russian
Serbian
Slovak
Slovenian
Spanish
Swedish
Thai
Turkish
Ukrainian
Vietnamese
Yoruba