"Hacking Group Also Used an IE Zero-Day Against Security Researchers"

Last month, Google's Threat Analysis Group revealed an ongoing campaign targeting security researchers and attributed it to the North Korean state-sponsored hacking group known as the Lazarus Group. According to Google, the Lazarus Group employed a novel social engineering method: contacting target security researchers and asking them to collaborate on vulnerability and exploit development. Once a researcher agrees to collaborate, the attackers send them malicious Visual Studio projects and links to websites hosting exploit kits that install backdoors on their computers. Microsoft revealed that it had observed the Lazarus Group sending MHTML files containing malicious JavaScript to researchers. Researchers at the South Korean cybersecurity firm ENKI recently reported that Lazarus had targeted individuals on their research team with MHTML files, and found that an Internet Explorer zero-day vulnerability was exploited in the attacks against them. Exploitation of the Internet Explorer bug allows attackers to upload a list of running processes, screen captures, and network information to their command-and-control (C2) server. This article continues to discuss the Lazarus Group's malicious campaign targeting security researchers and the abuse of an Internet Explorer zero-day in attacks against ENKI's security researchers.

BleepingComputer reports "Hacking Group Also Used an IE Zero-Day Against Security Researchers"
