InkySquid State Actor Exploiting Known IE Bugs
#1
Information 
Quote:The InkySquid advanced persistent threat (APT) group, which researchers have linked to the North Korean government, was caught launching watering hole attacks against a South Korean newspaper using known Internet Explorer vulnerabilities.
 
New analysis from Volexity reported its team of researchers noticed suspicious code being loaded on the Daily NK site, a news outlet focused on North Korea, starting in April. And although the links led to real files, malicious code was being inserted for brief periods, making it difficult to detect. The researchers suspected the attack was ongoing between March and June.
 
“When requested, with the correct Internet Explorer user-agent, this host would serve additional obfuscated JavaScript code,” Volexity’s team reported. “As with the initial redirect, the attacker chose to bury their malicious code amongst legitimate code. In this case, the attacker used the ‘bPopUp’ JavaScript library alongside their own code.”
 
The researchers added that since the code is largely legitimate, it would likely evade both manual and automated detection. The code, which the attackers camouflage around real content, is consistent with Internet Explorer bug CVE-2020-1380, the report said.
 
Another similar attack from the InkySquid group (aka APT37, Reaper or ScarCruft) leveraged CVE-2021-26411 to attack Internet Explorer as well as legacy versions of Microsoft Edge, according to Volexity.
 
“As with the CVE-2020-1380 example, the attacker made use of encoded content stored in SVG tags to store both key strings and their initial payload,” the researchers explained. “The initial command-and-control (C2) URLs were the same as those observed in the CVE-2020-1380 case.”

Read more: InkySquid State Actor Exploiting Known IE Bugs
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
ON1 Software
ON1 Photo RAW 2025.1...jasonX — 06:29
QOwnNotes 19.1.6
24.12.4 The wel...Kool — 12:56
INTEL Arc Graphics 32.0.101.6325/6253 dr...
Highlights Fix...harlan4096 — 11:06
GFYI [Official] Revo Uninstaller Pro v5...
"Share feedback...damien76 — 09:01
GFYI [Official] SpyShelter PRO v15 Chri...
Merry Christmas and ...damien76 — 08:56

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
No upcoming birthdays.

[-]
Online Staff
harlan4096's profile harlan4096
Administrator
zevish's profile zevish

>