Google Warns of Internet Explorer Zero-Day Vulnerability Exploited by ScarCruft Hackers

Dec 8, 2022 by iHash Leave a Comment

Dec 08, 2022Ravie LakshmananPatch Management / Zero-Day

An Internet Explorer zero-day vulnerability was actively exploited by a North Korean threat actor to target South Korean users by capitalizing on the recent Itaewon Halloween crowd crush to trick users into downloading malware.

The discovery, reported by Google Threat Analysis Group researchers Benoît Sevens and Clément Lecigne, is the latest set of attacks perpetrated by ScarCruft, which is also called APT37, InkySquid, Reaper, and Ricochet Chollima.

“The group has historically focused their targeting on South Korean users, North Korean defectors, policy makers, journalists, and human rights activists,” TAG said in a Thursday analysis.

The new findings illustrate the threat actor’s continued abuse of Internet Explorer flaws such as CVE-2020-1380 and CVE-2021-26411 to drop backdoors like BLUELIGHT and Dolphin, the latter of which was disclosed by Slovak cybersecurity firm ESET late last month.

Another key tool in its arsenal is RokRat, a Windows-based remote access trojan that comes with a wide range of functions that allow it to capture screenshots, log keystrokes, and even harvest Bluetooth device information.

The attack chain observed by Google TAG entails the use of a malicious Microsoft Word document that was uploaded to VirusTotal on October 31, 2022. It abuses yet another Internet Explorer zero-day flaw in the JScript9 JavaScript engine, CVE-2022-41128, that was patched by Microsoft last month.

The file references the October 29 incident that took place in the Itaewon neighborhood of Seoul and exploits public interest in the tragedy to retrieve an exploit for the vulnerability upon opening it. The attack is enabled by the fact that Office renders HTML content using Internet Explorer.

Successful exploitation is followed by the delivery of a shellcode that wipes all traces by clearing the Internet Explorer cache and history as well as downloading the next stage payload.

Google TAG said it could not recover the follow-on malware used in the campaign, although it’s suspected to have involved the deployment of RokRat, BLUELIGHT, or Dolphin.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Source link

Leave a Reply Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

The Power of Relationships: Executive Buy-In and Security Culture for Bolstering Resilience

“Where do we start?” This is the question every CISO asks about every new program. In fact, I ask and answer that question many times a month. There’s a reason for this, of course. A strong start to any project builds momentum, reassures stakeholders, and sets the stage for what’s to come. Security resilience initiatives […]

Cisco Secure at Cisco Live EMEA 2023

Cisco Live is the premier destination for Cisco customers and partners to gain knowledge and build community. Our teams work hard to deliver education and inspiration, ignite creativity, deliver practical know-how, and accelerate the connections that fuel your digital future. The Cisco Secure team is excited to share our expertise to help power the strategies […]

The 2023 Adobe Creative Cloud Beginner to Advance Bundle for $59

Expires November 25, 2122 23:59 PST Buy now and get 97% off Adobe Acrobat Pro DC (Beginner) KEY FEATURES Workplace demand for digital media skills including creating, managing, and integrating PDF documents is on the rise. In this course, students will learn the basics of creating PDF documents and modifying PDFs within Adobe Acrobat DC […]

Implementing AI into Enterprise Search to Make It Smarter

AI has the potential to be a game-changer for businesses that are experiencing a digital transformation, provided that it is correctly applied. While the economy is still struggling to recover, the value of technology like Machine Learning (ML) and Natural Language Processing (NLP) is on the rise. These technologies assist businesses in initiating and accelerating […]

GuLoader Malware Using Malicious NSIS Executables to Target E-Commerce Industry

Feb 06, 2023Ravie LakshmananCyber Attack / Endpoint Security E-commerce industries in South Korea and the U.S. are at the receiving end of an ongoing GuLoader malware campaign, cybersecurity firm Trellix disclosed late last month. The malspam activity is notable for transitioning away from malware-laced Microsoft Word documents to NSIS executable files for loading the malware. […]

Scanner Device Detector for GPS Tracker Wireless Listening Device Camera Finder 5 Levels Sensitivity 25H Working Time for $44

Expires January 31, 2123 18:01 PST Buy now and get 61% off PRODUCT SPECS Batteries Required? Yes Power Source Battery Powered Item Dimensions LxWxH 4.1 x 0.97 x 0.58 inches Battery Life 25 Hours function logProductOverviewMetric(metric) { if(typeof window.csa !== ‘undefined’) { var myEvents = csa(“Events”, {producerId: “dppinfo”}); myEvents(“log”, { schemaId: “dppinfo.productOverviewClientSideEvents.1”, eventName: metric }, […]

Pangu Releases Updated Jailbreak of iOS 9 Pangu9 v1.2.0

Pangu has updated its jailbreak utility for iOS 9.0 to 9.0.2 with a fix for the manage storage bug and the latest version of Cydia. Change log V1.2.0 (2015-10-27) 1. Bundle latest Cydia with new Patcyh which fixed failure to open url scheme in MobileSafari 2. Fixed the bug that “preferences -> Storage&iCloud Usage -> […]

Apple Blocks Pangu Jailbreak Exploits With Release of iOS 9.1

Apple has blocked exploits used by the Pangu Jailbreak with the release of iOS 9.1. Pangu was able to jailbreak iOS 9.0 to 9.0.2; however, in Apple’s document on the security content of iOS 9.1, PanguTeam is credited with discovering two vulnerabilities that have been patched.

Pangu Releases Updated Jailbreak of iOS 9 Pangu9 v1.1.0

Pangu has released an update to its jailbreak utility for iOS 9 that improves its reliability and success rate. Change log V1.1.0 (2015-10-21) 1. Improve the success rate and reliability of jailbreak program for 64bit devices 2. Optimize backup process and improve jailbreak speed, and fix an issue that leads to fail to […]

Activator 1.9.6 Released With Support for iOS 9, 3D Touch

Ryan Petrich has released Activator 1.9.6, an update to the centralized gesture, button, and shortcut manager, that brings support for iOS 9 and 3D Touch.

The 2023 Adobe Creative Cloud Beginner to Advance Bundle for $59

The Complete 2023 Business Accounting Mastery Bundle for $49

Universal VR Set Glasses Goggle Bundle for PC Android Phone for iPhone for $125

Scanner Device Detector for GPS Tracker Wireless Listening Device Camera Finder 5 Levels Sensitivity 25H Working Time for $44

VYSN RockinPods TWS Waterproof Bluetooth Earbuds for $24

Google Warns of Internet Explorer Zero-Day Vulnerability Exploited by ScarCruft Hackers

The 2023 Adobe Creative Cloud Beginner to Advance Bundle for $59

The Complete 2023 Business Accounting Mastery Bundle for $49

Universal VR Set Glasses Goggle Bundle for PC Android Phone for iPhone for $125

Scanner Device Detector for GPS Tracker Wireless Listening Device Camera Finder 5 Levels Sensitivity 25H Working Time for $44

VYSN RockinPods TWS Waterproof Bluetooth Earbuds for $24

Share this:

Reader Interactions

Leave a Reply Cancel reply