Google Suspects North Korean Hackers Exploited Zero-Day in Internet Explorer - PCMag

Google is blaming North Korean hackers for exploiting a previously unknown vulnerability in Microsoft’s Internet Explorer to spread malware to victims in South Korea.

The company learned of the vulnerability on Oct. 31 when users began submitting a malicious document to Google’s VirusTotal service, which can check files for malware. The malicious document was about the tragic “crowd crush” incident that occurred two days earlier in Itaewon, South Korea, where at least 158 people died during Halloween festivities.

An image of the malicious document (Credit: Google)

The malicious document was dressed up to look like an official government communication about the tragedy. But in reality, the file was booby-trapped to exploit a new vulnerability in Internet Explorer likely capable of loading a backdoor on the victim’s computer.

The attack may look irrelevant since Internet Explorer is officially dead and barely used. However, the hackers designed the malicious document to fetch remote HTML content. If the document is opened with Microsoft Office, the software will render the HTML content using Internet Explorer.

“This technique has been widely used to distribute IE exploits via Office files since 2017,” Google security researchers wrote in a blog post on Wednesday. “Delivering IE exploits via this vector has the advantage of not requiring the target to use Internet Explorer as its default browser.”

Google's research found that hackers were abusing a previously unknown zero-day vulnerability in the JavaScript engine for Internet Explorer to execute rogue computer code on victims' computers. The company failed to uncover the final payload in the attack, but has attributed the malicious document to a North Korean hacking group dubbed APT37, which is known for spreading several kinds of backdoors that can hijack a computer. Google didn't say how it attributed the malicious documents to the North Korean hackers, though.

The good news is that Microsoft was quick to patch the flaw on Nov. 8 after Google flagged the vulnerability. It’s also important to note that Microsoft Office could only trigger the vulnerability if the user disabled “Protected View” on the document and enabled editing.

In the meantime, Google is warning: “This is not the first time APT37 has used Internet Explorer zero-day exploits to target users. The group has historically focused their targeting on South Korean users, North Korean defectors, policy makers, journalists and human rights activists.”
