Critical 0-day that targeted security researchers get a patch from Microsoft


Microsoft has patched a critical zero-day vulnerability that North Korean hackers used to target security researchers with malware.

The attacks came to light in January in posts from Google and Microsoft. Both posts said that hackers backed by the North Korean government had spent weeks developing working relationships with security researchers. To win the researchers' trust, the hackers created a research blog and Twitter personas, which contacted researchers to ask if they would like to collaborate on a project.

Eventually, the fake Twitter profiles asked the researchers to use Internet Explorer to open a web page. Those who took the bait would find that their fully patched Windows 10 machine had installed a malicious service and an in-memory backdoor that communicated with a server controlled by the hackers.

Microsoft patched the vulnerability on Tuesday. The security flaw, tracked as CVE-2021-26411, is rated critical and requires only low-complexity attack code to exploit.

From rags to riches

Google said only that the people who reached out to the researchers worked for the North Korean government. Microsoft said they were part of Zinc, Microsoft's name for a threat group better known as Lazarus. Over the past decade, Lazarus has evolved from a ragtag band of hackers into what is often a formidable threat actor.

A 2019 United Nations report estimated that Lazarus and allied groups had earned $2 billion for the country's weapons of mass destruction program. Lazarus has also been linked to the WannaCry worm that shut down computers around the world, fileless Mac malware, attacks targeting ATMs, and malicious Google Play apps targeting defectors.

In addition to the watering-hole attack that exploited IE, the Lazarus hackers who targeted the researchers also sent a Visual Studio project that supposedly contained proof-of-concept source code. Hidden in the project was malware that contacted the attackers' server.

While Microsoft describes CVE-2021-26411 as a memory corruption vulnerability in Internet Explorer, Monday's advisory states that the vulnerability also affects Edge, the browser Microsoft rebuilt to be significantly more secure than IE. The vulnerability retains its critical rating for Edge, but there are no reports of it being actively used against users of that browser.

The patch came as part of Microsoft's Patch Tuesday update. In total, Microsoft released 89 fixes. Besides the IE vulnerability, a separate privilege-escalation bug in the Win32k component is also under active exploitation. The patches are installed automatically over the next day or two. Those who want the updates immediately should go to Start > Settings (the gear icon) > Update & Security > Windows Update.
