October 20, 2024 at 09:07PM
APT37, a North Korea-backed group, exploited a zero-day vulnerability in Internet Explorer to launch a zero-click attack on South Korean targets via a compromised ad program, delivering malware instead of ads. The malware is known as RokRAT, and Microsoft has since patched the vulnerability. Legacy applications remain at risk.
### Meeting Takeaways
1. **APT37 Cyberattack Overview**:
– A North Korea-backed group, APT37, exploited a zero-day vulnerability in Microsoft’s Internet Explorer (IE) to conduct a zero-click supply chain attack targeting South Korea.
2. **Targeted Vulnerabilities**:
– Although IE is deprecated since 2022, it is still present in various legacy applications, specifically in Toast ad programs, which display pop-up notifications on user screens.
– The exploited vulnerability is tracked as CVE-2024-38178 (CVSS score: 7.5).
3. **Mechanism of the Attack**:
– The attack involved compromising an ad agency and using the vulnerability to deliver malware disguised as ad content through Toast scripts.
– The malware used is known as RokRAT, which allows for various malicious activities, including remote commands.
4. **Detection and Mitigation**:
– Fortunately, the attack was detected early, and security measures were implemented against other potentially exploitable Toast advertising programs before Microsoft released a patch.
5. **Continued Risks with Internet Explorer**:
– Despite Microsoft’s patch in August, the integration of IE into other software continues to be a significant security risk, prompting ongoing interest from attackers in exploiting IE vulnerabilities.
6. **Recommendations**:
– Users are urged to keep their operating systems and software updated to mitigate risks.
– Software developers should avoid utilizing outdated or vulnerable development libraries to enhance security in their products.
7. **Increasing Threat Landscape**:
– North Korean hacking groups are demonstrating increasingly advanced techniques and are diversifying their exploit methods beyond just IE vulnerabilities.