North Korean Hackers Exploit Zero-Day Flaw In Internet Explorer
- Source: Zero-Day (cybersecuritynews.com)
Author: Dhivya

A joint report by AhnLab Security Emergency Response Center (ASEC) and the National Cyber Security Center (NCSC) has revealed a new zero-day vulnerability (CVE-2024-38178) in Microsoft Internet Explorer (IE) being actively exploited by North Korean hackers.
The campaign, dubbed “Operation Code on Toast,” targets users of outdated toast ad programs to deliver malware.
The threat actor behind the attacks, TA-RedAnt (also known as RedEyes, ScarCruft, and APT37), has a history of targeting North Korean defectors and individuals involved in North Korean affairs.
This time, they are exploiting a vulnerability in IE’s JavaScript engine (jscript9.dll) to compromise systems running vulnerable toast ad programs.
Exploitation Methodology
TA-RedAnt has a history of targeting individuals such as North Korean defectors and experts in North Korean affairs. In this operation, they exploited a zero-day vulnerability in IE to manipulate a specific toast ad program.
These programs, often bundled with free software, render web content using WebView. If the WebView is IE-based, it becomes susceptible to IE vulnerabilities.
According to the ASEC report, the attack begins with TA-RedAnt compromising the server of a Korean online advertising agency. They then inject malicious code into the ad content script, which is subsequently downloaded and rendered by the toast ad program on the victim’s machine.
This results in a “zero-click” attack, requiring no user interaction. Once compromised, the systems become vulnerable to various malicious activities, including remote access.
Despite Microsoft’s termination of IE support in June 2022, many Windows applications still rely on its engine, making them vulnerable. The attackers first infiltrated a Korean online advertising agency’s server.
Upon discovering the vulnerability, AhnLab and the NCSC promptly reported it to Microsoft.
On August 13, Microsoft issued CVE-2024-38178 with a CVSS score of 7.5 and released a patch to mitigate the threat. Users and organizations are urged to apply this update immediately to safeguard against potential exploits.
Recommendations
- Apply the latest security patches from Microsoft.
- Ensure systems are updated to the latest versions.
- Developers should avoid using outdated libraries or modules in their software products.
- Users should follow basic cybersecurity measures, such as regularly updating their software.
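
To find which applications on a host still load the IE JavaScript engine named above, image-load telemetry can be searched for jscript9.dll. The following is an added example, not code from the ASEC report or the original article; it assumes Sysmon Event ID 7 (Image loaded) records exported as XML, and the sample events, the `toastad.exe` path and the allow-list are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict
from ntpath import basename  # parses Windows paths on any OS

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
ENGINE = "jscript9.dll"
# Assumption: processes expected to load the engine; tune per environment.
EXPECTED_HOSTS = {"iexplore.exe"}


def _event(event_id, image, loaded=""):
    """Build one constructed Sysmon-style event record."""
    return (f"<Event><System><EventID>{event_id}</EventID></System><EventData>"
            f'<Data Name="Image">{image}</Data>'
            f'<Data Name="ImageLoaded">{loaded}</Data></EventData></Event>')


# Constructed sample data; toastad.exe is a hypothetical ad program.
TOAST = r"C:\Program Files (x86)\ExampleToast\toastad.exe"
IE = r"C:\Program Files\Internet Explorer\iexplore.exe"
SAMPLE_EVENTS = (
    f'<Events xmlns="{NS["e"]}">'
    + _event(7, IE, r"C:\Windows\System32\jscript9.dll")
    + _event(7, TOAST, r"C:\Windows\SysWOW64\jscript9.dll")
    + _event(7, TOAST, r"C:\Windows\SysWOW64\JSCRIPT9.DLL")
    + _event(7, r"C:\Windows\System32\notepad.exe", r"C:\Windows\System32\kernel32.dll")
    + _event(1, TOAST)  # process creation, not an image load
    + "</Events>"
)


def find_engine_hosts(xml_text):
    """Return {process path: load count} for unexpected processes loading jscript9.dll."""
    hits = defaultdict(int)
    for ev in ET.fromstring(xml_text).findall("e:Event", NS):
        if ev.findtext("e:System/e:EventID", namespaces=NS) != "7":
            continue  # only image-load events are relevant
        data = {d.get("Name"): (d.text or "") for d in ev.findall("e:EventData/e:Data", NS)}
        if basename(data.get("ImageLoaded", "")).lower() != ENGINE:
            continue
        image = data.get("Image", "")
        if basename(image).lower() not in EXPECTED_HOSTS:
            hits[image] += 1
    return dict(hits)


if __name__ == "__main__":
    for proc, count in find_engine_hosts(SAMPLE_EVENTS).items():
        print(f"{proc} loaded {ENGINE} {count} time(s)")
```

Processes reported here are candidates for review: they embed the legacy engine and inherit its vulnerabilities until the host is patched or the application is updated.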