North Korean ScarCruft Hackers preying on people’s emotions and using an Internet Explorer Zero-Day Vulnerability

North Korea Targets South Koreans

As an IT services and security firm, it is important for Britec to stay up to date on the latest cybersecurity threats and vulnerabilities. Recently, Google warned of an Internet Explorer zero-day vulnerability that was actively being exploited by a North Korean threat actor, known as ScarCruft.

The attack targeted South Korean users with a malicious Microsoft Word document that exploited a zero-day flaw in the JScript9 JavaScript engine (CVE-2022-41128). The document referenced the recent Itaewon Halloween crowd crush incident in Seoul, using public interest in the tragedy as a lure; once opened, it retrieved an exploit for the vulnerability.

ScarCruft is a known threat actor that has historically targeted South Korean users, as well as North Korean defectors, policy makers, journalists, and human rights activists. Given the rarity of zero-day exploits, it is likely that ScarCruft used this vulnerability in combination with more sophisticated backdoors, such as Dolphin.

It is important to be aware of these types of tactics used by threat actors, as they often prey on people’s emotions in order to trick them into downloading malware. To protect against these and other cybersecurity threats, it is important to stay vigilant and to be cautious when opening links or downloading files from the internet. If something seems out of place or “phishy,” it is always a good idea to get a second opinion before clicking on any links. By practicing safe browsing habits, we can help to protect ourselves and our clients against these types of attacks.

If you have any questions about this article or about staying secure in the digital world, please feel free to reach out to us.