ActiveX Zero-Day Discovered in Recent North Korean Hacks

itman · May 31, 2018

A North Korean cyber-espionage group has exploited an ActiveX zero-day to infect South Korean targets with malware or steal data from compromised systems, local media and security researchers have reported.

The perpetrators of these attacks are known as the Andariel Group. According to a report authored by South Korean cyber-security firm AhnLab, the Andariel Group is a smaller unit of the larger and more well-known Lazarus Group —North Korea's cyber-espionage apparatus, believed to be a unit of its military.

Attacks started last month

The recent wave of attacks has started last month. Local media reports that Andariel hackers deployed at least nine separate ActiveX vulnerabilities for their attacks, including a new zero-day.
Click to expand...

https://www.bleepingcomputer.com/ne...-day-discovered-in-recent-north-korean-hacks/

guest · Jul 17, 2018

Recent Andariel Group ActiveX Attacks Point to Future Targets
Changes in the group’s script may indicate that the hackers may start using attack vectors other than ActiveX
July 17, 2018
https://threatpost.com/recent-andariel-group-activex-attacks-point-to-future-targets/134053/

“In the earlier case, the group collected targeted ActiveX objects on users’ Internet Explorer browsers before they used the zero-day exploit,” Joseph Chen, fraud researcher with Trend Micro, said in a post.
“This was possibly part of their reconnaissance strategy, to find the right targets for their exploit. Based on this, we believe it’s likely that the new targeted ActiveX objects we found could be their next targets for a watering-hole exploit attack.”

The verification process in the older script is also different from the ActiveX detection, which was only for the Internet Explorer browser – but now can be performed on other browsers, Chen said.

“In the script found in June, the websocket verification could also be performed on other browsers like Chrome and Firefox,” researchers said. “This shows that the attacker has expanded his target base, and is interested in the software itself and not just their ActiveX objects. Based on this change, we can expect them to start using attack vectors other than ActiveX.”
Click to expand...

guest · May 22, 2019

ActiveX Controls in South Korean websites are affected by critical flaws
May 22, 2019
https://securityaffairs.co/wordpress/85973/hacking/south-korea-activex-controls-flaws.html

Security researchers at Risk Based Security have discovered tens of critical vulnerabilities in 10 South Korean ActiveX controls as part of a research project.
The experts discovered that many South Korean websites still use ActiveX controls, including many government sites, despite the risks associated with the use of this technology.

“At the beginning of 2019, we did some research into South Korean ActiveX controls previously exploited in 0-day attacks, resulting in the discovery of, among other things, an incomplete fix for one of them.” reads the analysis published Risk Based Security firm. “During this process, we also obtained a repository of about 100 South Korean ActiveX controls.”
Security researchers searched for vulnerabilities in ActiveX controls since January 2019 and found 40 vulnerabilities across the 10 most popular controls. Experts spotted the flaws by approaching combined fuzzing of the controls with in-depth reverse engineering of the most popular ones.

“It seems 2020 can’t come fast enough for the South Koreans. It’s evident that they’re not only relying on antiquated technology, but their ActiveX controls are just as unsafe as the ones used elsewhere many years ago,” Risk Based Security concludes.
Click to expand...

Risk Based Security: Critical Vulnerabilities Discovered in South Korean ActiveX controls

Log in or Sign up

ActiveX Zero-Day Discovered in Recent North Korean Hacks

itman Registered Member

guest Guest

guest Guest

Log in or Sign up

ActiveX Zero-Day Discovered in Recent North Korean Hacks

itman Registered Member

guest Guest

guest Guest

Useful Searches