North Korea uses tragedy to hack Microsoft Office and Internet Explorer

In a blog post, Google says it discovered that North Korea was exploiting a zero-day vulnerability in Internet Explorer. To do this, the hackers used Office documents referring to a tragedy that took place in Seoul, South Korea.

Google’s Cyber Threat Analysis Group discovered that a 0-day vulnerability in Internet Explorer was being exploited by North Korean hackers through Microsoft Office documents. The hackers lured their victims by referring to the Halloween stampede in Itaewon, a district of the South Korean capital.

Internet Explorer is not (completely) dead

After 27 years of good and loyal service, Internet Explorer bowed out in June 2022, giving way to Microsoft Edge. But as Google’s “threat analysis group” explains on its blog, Microsoft Office still uses the Internet Explorer engine to execute JavaScript. A “detail” that left machines running Windows 7 through Windows 11, as well as those running Windows Server 2008 through 2022, vulnerable if they did not have the November 2022 security update installed.

Hackers exploited the vulnerability last October, and Google spotted it on October 31 when one of the malicious Microsoft Office documents, titled “221031 Seoul Yongsan Itaewon accident response situation (06:00).docx”, was uploaded to VirusTotal, Google’s online analysis service for suspicious files and links.

The Microsoft Office file used by hackers. – © Google

The document exploited a zero-day vulnerability (one with no known patch at the time) in Internet Explorer, located in “jscript9.dll”, the browser’s JavaScript engine, which hackers can use to deliver malicious code or software.

Hackers backed by the North Korean government

The hackers took advantage of an event with significant media coverage to disseminate these fake documents: the Itaewon tragedy of October 29, in which at least 153 people lost their lives in a crowd surge during the Halloween celebration in Seoul.

Google cybersecurity specialists attribute this attack to a group of actors supported by the North Korean government. These hackers, known as APT37, have previously exploited 0-day flaws in Internet Explorer to target South Korean journalists, policy makers and human rights activists. The vulnerability was reported to Microsoft within hours of its discovery on October 31, 2022, and the flaw was patched on November 8.

Microsoft had already dealt with this group of hackers in 2019. Indeed, the American company had then received an order from the American authorities to eliminate 50 domain names exploited by North Korean hackers. The domain names were used to send phishing emails and to host pages that phished victims in order to reach their professional networks.
