Internet Explorer Zero-Day Vulnerability Exploited by APT 37

Threat Advisories

Internet Explorer Zero-Day Vulnerability Exploited by APT 37

Threat Level
Attack Report

For a detailed threat advisory, download the pdf file here

Summary

North Korean hackers identified as APT37 exploited a previously unknown Internet Explorer zero-day vulnerability to infect South Koreans, North Korean defectors, policymakers, journalists, and human rights activists. The vulnerability is discovered in the browser’s “JScript9” JavaScript engine, and when exploited by remote attackers, it allows them to inject malicious code into a target system.