Tuesday, October 15, 2024
HomeComputer SecurityAPT Cyber Attack Using Unpatched Internet Explorer Zero-Day to Hack Windows Computers

APT Cyber Attack Using Unpatched Internet Explorer Zero-Day to Hack Windows Computers

Published on

Malware protection

Cyber Criminals behind the APT attack using an Internet Explorer Zero-Day vulnerability to compromise the windows based computers.

An APT hacking group using MS Office document attack using the browser 0day vulnerability exploit this vulnerability on victims PC.

Cyber Criminals using variously advanced techniques to compromise the victims and execute the backdoor into their network and zero-day vulnerabilities are big fish for Malicious hackers to perform sophisticated cyber attacks in wide.

- Advertisement - SIEM as a Service

Already Security researchers from Security Qihoo 360 Core revealed that they uncovered an IE 0day vulnerability has been embedded in malicious MS Office document, targeting limited users by a known APT actor.

Internet Explorer Zero-Day “double kill” Exploit 

An office document abused by cyber criminals and distributed this Zero-day vulnerability called “double kill”  to exploit latest versions of Internet Explorer and applications that use the IE kernel.

A Malicious office document distributed via spam email and other online media to reach the victims and tricked them to open the document leads to eventually infect the targetted computer.

Eventually, attacker implanted in the backdoor Trojan or even full control of the computer after the successful execution of windows based computers.

Mainly hackers using malicious embedded web page implement this APT attack to delivering an Office document and once the victims open the document, exploit code and malicious payload are loaded through the remote server.

According to weibo Report, The late exploit phase of the attack uses public UAC bypass techniques and uses file steganography and memory reflection loading to avoid traffic monitoring and fileless downloads.

If You can understand this Image language then you can help us to translate for other readers

Cybercriminals silently executing this Internet Explorer Zero-Day “double kill” vulnerability and run the malicious web page and background and execute an attack program.

Qihoo 360 Core already warned that users to not open office documents from unknown sources and they reported to Microsoft the details of the browser’s 0day vulnerability

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Hackers Allegedly Selling Data Stolen from Cisco

A group of hackers reportedly sells sensitive data stolen from Cisco Systems, Inc.The...

Fortigate SSLVPN Vulnerability Exploited in the Wild

A critical vulnerability in Fortinet's FortiGate SSLVPN appliances, CVE-2024-23113, has been actively exploited in...

Splunk Enterprise Vulnerabilities let Attackers Execute Remote Code

Splunk has disclosed multiple vulnerabilities affecting its Enterprise product, which could allow attackers to...

OilRig Hackers Exploiting Microsoft Exchange Server To Steal Login Details

Earth Simnavaz, an Iranian state-sponsored cyber espionage group, has recently intensified its attacks on...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

CoreWarrior Malware Attacking Windows Machines From Dozens Of IP Address

Researchers recently analyzed a CoreWarrior malware sample, which spreads aggressively by creating numerous copies...

TrickMo Malware Targets Android Devices to Steal Unlock Patterns and PINs

The recent discovery of the TrickMo Banking Trojan variant by Cleafy has prompted further...

LemonDuck Malware Exploiting SMB Vulnerabilities To Attack Windwos Servers

The attackers exploited the EternalBlue vulnerability to gain initial access to the observatory farm,...