Article 66N18 North Korean hackers once again exploit Internet Explorer’s leftover bits

North Korean hackers once again exploit Internet Explorer’s leftover bits

by
Kevin Purdy
from Ars Technica - All content on (#66N18)
north-korea-flag-ie-800x450.jpg

Enlarge / APT37, a group believed to be backed by the North Korean government, has found success exploiting the bits of Internet Explorer still present in various Windows-based apps. (credit: Aurich Lawson | Getty Images)

Microsoft's Edge browser has replaced Internet Explorer in almost every regard, but some exceptions remain. One of those, deep inside Microsoft Word, was exploited by a North-Korean-backed group this fall, Google security researchers claim.

It's not the first time the government-backed APT37 has utilized Internet Explorer's lingering presence, as Google's Threat Analysis Group (TAG) notes in a blog post. APT37 has had repeated success targeting South Korean journalists and activists, plus North Korean defectors, through a limited but still successful Internet Explorer pathway.

The last exploit targeted those heading to Daily NK, a South Korean site dedicated to North Korean news. This one involved the Halloween crowd crush in Itaewon, which killed at least 151 people. A Microsoft Word .docx document, named as if it were timed and dated less than two days after the incident and labeled "accident response situation," started circulating. South Korean users began submitting the document to the Google-owned VirusTotal, where it was flagged with CVE-2017-0199, a long-known vulnerability in Word and WordPad.

Read 3 remaining paragraphs | Comments

External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments