Best Top Reviews Online

Google Warns of Zero-Day Vulnerability in Internet Explorer Exploited by ScarCruft Hackers

A North Korean threat actor actively exploited a zero-day vulnerability in Internet Explorer to target South Korean users by taking advantage of the recent Itaewon Halloween crowd crush to trick users into downloading malware.

ScarCruft, also known as APT37, InkySquid, Reaper, and Ricochet Chollima, is responsible for this activity, which was reported by Google Threat Analysis Group researchers Benoit Sevens and Clément Lecigne.

TAG stated on Thursday that the group has historically targeted South Korean users, North Korean defectors, policymakers, journalists, and human rights activists.

The new findings demonstrate the threat actor’s continued exploitation of Internet Explorer vulnerabilities such as CVE-2020-1380 and CVE-2021-26411 to drop backdoors such as BLUELIGHT and Dolphin, the latter of which was disclosed by the Slovak cybersecurity company ESET late last month.

RokRat, a Windows-based remote access trojan with a variety of functions that allow it to capture screenshots, log keystrokes, and even harvest Bluetooth device information, is another key weapon in its arsenal.

The attack chain identified by Google TAG involves a malicious Microsoft Word document uploaded to VirusTotal on October 31, 2022. It abuses CVE-2022-41128, another Internet Explorer zero-day vulnerability in the JScript9 JavaScript engine, which Microsoft patched last month.

The file references the October 29 incident that occurred in the Itaewon neighborhood of Seoul, using public interest in the tragedy as a lure, and upon opening retrieves an exploit for the vulnerability. The attack is possible because Office renders HTML content with Internet Explorer.

According to the MalwareHunterTeam, the same Word document was previously shared by the Shadow Chaser Group on October 31, 2022, with the description “interesting DOCX injection template sample from Korea.”
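A triage check for the delivery step described above, added here as an example (it is not code from Google TAG or from the article). It assumes the remote content is referenced through an OOXML relationship marked `TargetMode="External"`, as in the template-injection pattern named in the quoted description; the sample document and the `example.invalid` host are constructed placeholders.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

REL_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"
# Relationship types that make Word fetch remote content when the file opens.
AUTOLOAD_TYPES = ("attachedTemplate", "oleObject", "frame", "subDocument")


def external_relationships(docx_bytes):
    """Return (part, type, target, autoload) for every external relationship."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():
            if not name.endswith(".rels"):
                continue
            try:
                root = ET.fromstring(zf.read(name))
            except ET.ParseError:
                # A malformed relationship part is itself worth a second look.
                findings.append((name, "unparseable", "", True))
                continue
            for rel in root.iter(REL_NS + "Relationship"):
                if rel.get("TargetMode", "").lower() != "external":
                    continue
                rel_type = rel.get("Type", "").rsplit("/", 1)[-1]
                autoload = rel_type in AUTOLOAD_TYPES
                findings.append((name, rel_type, rel.get("Target", ""), autoload))
    return findings


def build_sample(target, rel_type, mode):
    """Constructed sample: a minimal OOXML package with one relationship."""
    rels = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
        '<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/'
        f'2006/relationships/{rel_type}" Target="{target}"{mode}/>'
        "</Relationships>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/_rels/settings.xml.rels", rels)
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample("http://template.example.invalid/t.html", "attachedTemplate", ' TargetMode="External"')
    print(external_relationships(sample))
```

Ordinary hyperlinks are also external relationships, so the `autoload` flag separates them from types that Word resolves without a click.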

Successful exploitation is followed by the delivery of shellcode that wipes traces by clearing the Internet Explorer cache and history and then downloads the next-stage payload.

Google TAG stated that it was unable to recover the subsequent malware used in the campaign, although it is suspected that RokRat, BLUELIGHT, or Dolphin was deployed.

“Unsurprisingly, they continue to target South Korean users,” an ESET malware analyst told The Hacker News. “ScarCruft has not utilized zero-day exploits for some time. Previously, they repurposed public proofs of concept for zero-day exploits.”

“Given the scarcity of zero-day exploits, we anticipate that ScarCruft would combine it with one of its more sophisticated backdoors, such as Dolphin. In addition, the office motif of [command-and-control] domains is consistent with previous campaigns.”


The above article was written by the BestTopReviewsOnline team, which consists of some of the most knowledgeable technical experts in the United States. Our team consists of highly regarded writers with vast experience in smartphones, computer components, technology apps, security, and photography, among other fields.
