Google unearths Internet Explorer zero day exploited by North Korean hackers

December 8, 2022


Google’s cyber security team has identified a zero-day exploit for an Internet Explorer vulnerability that was used to target users in South Korea.

The tech giant’s Threat Analysis Group (TAG) made the discovery in October 2022 and observed malware embedded in documents that were emailed to targets. The hidden malware residing in the documents exploited a vulnerability in the browser’s JScript engine, tracked as CVE-2022-41128.

TAG attributed the attacks to APT37, a known threat group that has been attributed to North Korean state-sponsored hackers. It said that APT37 has used Internet Explorer zero-days in the past to target users, and tends to focus on those based in South Korea, including journalists, human rights activists, and North Korean defectors.

The malware-laden document was titled “221031 Seoul Yongsan Itaewon incident reaction situation (06:00).docx”, which Google said was trying to take advantage of public interest in an accident, a Halloween crowd crush, that took place in South Korea in October.

Several submitters from South Korea flagged the malware to Google’s TAG by uploading this Microsoft Office document to VirusTotal, a site Google owns that analyses suspicious files, domains, or URLs.

Researchers found that the document downloaded a rich text file (RTF) remote template, which then went on to fetch HTML content.

“Because Office renders this HTML content using Internet Explorer (IE), this technique has been widely used to distribute IE exploits via Office documents since 2017 (e.g. CVE-2017-0199),” said TAG. “Delivering IE exploits via this vector has the advantage of not requiring the target to use Internet Explorer as its default browser, nor to chain the exploit with an EPM sandbox escape.”

“The vulnerability resides within “jscript9.dll”, the JavaScript engine of Internet Explorer, and can be exploited to execute arbitrary code when rendering an attacker-controlled website,” said TAG. “The bug itself is an incorrect JIT optimisation issue leading to a type confusion and is very similar to CVE-2021-34480, which was identified by Project Zero and patched in 2021.”

TAG informed Microsoft of the vulnerability on 31 October 2022, and it was then assigned the CVE-2022-41128 tracking code. Five days later, on 8 November 2022, the vulnerability was patched.

Microsoft has fixed Internet Explorer bugs in the past that had been previously exploited by North Korean hackers. The flaw, discovered in March 2021, was used to target security researchers through a memory corruption vulnerability which enabled hackers to run malware on a victim’s PC. It did this by encouraging them to access a malicious website.

In September 2021, Microsoft also had to issue another fix for a zero-day vulnerability embedded in the browser engine that powers legacy Internet Explorer. It was a remote code execution flaw embedded in the MSHTML browser engine which allowed hackers to create a malicious ActiveX control which was used by a Microsoft Office document hosting the engine. The attackers would then tempt victims into opening the document.


Some parts of this article are sourced from:
www.itpro.co.uk
