What is CVE-2024-38178?

CVE-2024-38178 is a Scripting Engine Memory Corruption Vulnerability in Microsoft Edge's Internet Explorer Mode. It enables remote code execution, allowing attackers to compromise systems when users click on a crafted URL. This vulnerability was patched in August 2024.

Who is exploiting the CVE-2024-38178 vulnerability?

APT37, a North Korean threat actor also known as RedEyes, Reaper, ScarCruft, Group123, and TA-RedAnt, is exploiting the CVE-2024-38178 vulnerability. The group has used this flaw to target a South Korean advertising agency by delivering malware through compromised ad content.

How does the exploitation of CVE-2024-38178 work?

Attackers exploit the flaw by tricking users into clicking on a crafted URL, often using phishing attacks or deceptive websites. In the case of APT37, the group compromised the ad program 'Toast,' which, when rendering infected ad content, triggers the vulnerability without user interaction, leading to malware download and potential full control over compromised systems.

What is APT37's targeting method in this attack?

APT37 compromised servers of a South Korean advertising agency to deliver malicious ad content via the 'Toast' ad program. This approach allowed the group to deliver malware to users through ads bundled with free software.

What should users do to protect themselves from CVE-2024-38178?

Users of Windows are urged to patch their systems immediately, as the vulnerability has been addressed by Microsoft in a patch released in August 2024. Applying the latest security updates is critical to prevent exploitation by APT37 and other threat actors.

Attack

North Korean hackers exploit flaw in Microsoft Edge using Internet Explorer Mode - patch NOW.

published: Oct. 19, 2024

Take action: This flaw was patched 2 months ago, and even then Microsoft warned of active exploitation. DO NOT DELAY, you will be hacked. Initiate update for your Windows, and take a one hour walk until it completes.

Learn More

A North Korean threat actor, identified as APT37 (also known as RedEyes, Reaper, ScarCruft, Group123, and TA-RedAnt), is reported to be exploiting a flaw in Microsoft Edge using Internet Explorer Mode.

The flaw, tracked as CVE-2024-38178 is a Scripting Engine Memory Corruption Vulnerability enabling remote code execution patched in August 2024.

To exploit the bug, attackers require a user to just click on a crafted URL - which is nearly trivial for phishing attacks and various "free stuff" websites.

The North Korean group targeted a South Korean advertising agency and exploited the vulnerability via the "Toast" ad program, which is bundled with various free software.

APT37 compromised the advertising agency's servers to deliver malicious ad content. The ad program, when downloading and rendering the infected ad content, triggers the vulnerability without user interaction, leading to the download of malware. This tactic allowed the attackers to deploy malware and potentially gain full control over compromised systems.

Users of Windows are urged to patch their computers ASAP.

North Korean hackers exploit flaw in Microsoft Edge using Internet Explorer Mode - patch NOW.

Read More
Destructive npm packages enable remote system destruction
SonicWall Gen 7 firewalls targeted with SSL VPN …
Hackers attempt to exploit zero-day flaws in PTZOptics …
Oracle WebLogic Servers Face Immediate Exploitation of Critical …
36 Malicious npm Packages Target Guardarian Infrastructure via …