In a major revelation, security researchers have discovered that a yet-unpatched vulnerability in Microsoft’s venerable Internet Explorer (IE) web browser was responsible for the spate of attacks against security researchers reported last month.
Google’s Threat Analysis Group (TAG) last month disclosed that a North Korean state-sponsored hacking group employed various means, including creating elaborate fake personas to engage with the researchers, in their bid to break into their workstations.
Now, according to reports, South Korean security firm ENKI has identified a previously undisclosed zero-day vulnerability in IE, which they claim has been exploited in these recent attacks.
- We've put together a list of the best endpoint protection software
- These are the best identity theft protection tools on the market
- Also, check out our roundup of the best VPN solutions
Caught in the act
As part of the attack, the threat actors, masquerading as researchers, sent malicious Visual Studio Projects and links to websites that hosted exploit kits to install backdoors on the researcher's computers.
In a Korean language blog published yesterday, ENKI said that their researchers were also targeted by the group on the pretext of discussing a macOS exploit. While the attack failed, it gave the researchers a chance to analyze the files shared by the attackers in their bid to gain access to their computers.
Their analysis led ENKI to believe that the attackers are piggybacking on an exploit for an IE zero-day vulnerability to deliver the malicious payload. ENKi then created a proof-of-concept for the exploit which has also reportedly been reproduced by other security researchers based on the details shared by ENKI.
According to the report, ENKI is in touch with Microsoft who’ve requested further details from the Korean company.
- We've also highlighted the best antivirus solutions