Internet Explorer 0-day exploited by North Korean actor APT37

2022-12-07, Google
https://blog.google/threat-analysis-group/internet-explorer-0-day-exploited-by-north-korean-actor-apt37
#APT37 #CVE-2022-41128

To protect our users, Google’s Threat Analysis Group (TAG) routinely hunts for 0-day vulnerabilities exploited in-the-wild. This blog will describe a 0-day vulnerability, discovered by TAG in late October 2022, embedded in malicious documents and used to target users in South Korea. We attribute this activity to a group of North Korean government-backed actors known as APT37. These malicious documents exploited an Internet Explorer 0-day vulnerability in the JScript engine, CVE-2022-41128. Our policy is to quickly report vulnerabilities to vendors, and within a few hours of discovering this 0-day, we reported it to Microsoft and patches were released to protect users from these attacks.
This is not the first time APT37 has used Internet Explorer 0-day exploits to target users. The group has historically focused their targeting on South Korean users, North Korean defectors, policy makers, journalists and human rights activists.
Microsoft Office document …

IoC
