A North Korean APT exploited a zero-day in Internet Explorer

21 October 2024 2 minutes Author: Newsman

A North Korean APT group used a zero-day vulnerability in Internet Explorer to carry out a supply-chain attack, according to AhnLab and South Korea’s National Cyber Security Center.

  • A North Korean hacking group known as APT37 (other names: RedEyes, Reaper, ScarCruft) exploited a recent zero-day vulnerability in Internet Explorer to attack the supply chain of an advertising agency in South Korea. The vulnerability, identified as CVE-2024-38178, allows arbitrary code execution on systems via a vulnerable WebView component in Edge that uses the Internet Explorer engine.
  • Microsoft patched the vulnerability on August 13, 2024, but the attack had begun earlier, delivered through malicious ad scripts that ran without user interaction. Between its discovery and the patch, the attack caused significant damage to users of the Toast advertising platform. APT37, which has been carrying out attacks targeting South Korean activists, journalists and politicians for more than a decade, has once again shown that it remains active.

APT37 is known for exploiting zero-day vulnerabilities to carry out cyber attacks. The group has been tracked for more than a decade, and its main targets are often South Korean citizens. The latest IE attack once again proved that even though Internet Explorer is no longer supported, its vulnerable components can still be active in various applications.
