In a major revelation, security researchers have discovered that a yet-unpatched vulnerability in Microsoft’s venerable Internet Explorer (IE) web browser was responsible for the spate of attacks against security researchers (opens in new tab) reported last month.
Google’s Threat Analysis Group (TAG) last month disclosed that a North Korean state-sponsored hacking group employed various means, including creating elaborate fake personas to engage with the researchers, in their bid to break into their workstations (opens in new tab).
Now, according to reports, South Korean security firm ENKI has identified a previously undisclosed zero-day vulnerability in IE, which they claim has been exploited in these recent attacks.
- We've put together a list of the best endpoint protection (opens in new tab) software
- These are the best identity theft protection (opens in new tab) tools on the market
- Also, check out our roundup of the best VPN (opens in new tab) solutions
Caught in the act
As part of the attack, the threat actors, masquerading as researchers, sent malicious Visual Studio Projects and links to websites that hosted exploit kits to install backdoors on the researcher's computers.
In a Korean language blog published yesterday, ENKI said (opens in new tab) that their researchers were also targeted by the group on the pretext of discussing a macOS exploit. While the attack failed, it gave the researchers a chance to analyze the files shared by the attackers in their bid to gain access to their computers.
Their analysis led ENKI to believe that the attackers are piggybacking on an exploit for an IE zero-day vulnerability to deliver the malicious payload. ENKi then created a proof-of-concept for the exploit which has also reportedly been reproduced by other security researchers based on the details shared by ENKI.
According to the report, ENKI is in touch with Microsoft who’ve requested further details from the Korean company.
- We've also highlighted the best antivirus (opens in new tab) solutions
Via: BleepingComputer (opens in new tab)