Microsoft has finally patched the Internet Explorer (IE) vulnerability that was exploited by a North Korean state-sponsored hacking group to break into the workstations of researchers from around the world.
The spate of attacks, notorious for their use of elaborate deceptions, against security researchers were reported earlier this year in January by Google’s Threat Analysis Group (TAG).
Last month, security researchers from South Korean security firm ENKI had identified a zero-day vulnerability in IE that the attackers were looking to exploit. Microsoft has finally put out a patch to plug the hole.
- We've put together a list of the best endpoint protection software
- Check our list of the best firewall apps and services
- These are the best identity theft protection tools on the market
Vulnerability patched
Google’s TAG researchers disclosed details about the South Korean hacking campaign noting that the threat actors employed various means, such as creating elaborate fake personas to engage with the researchers.
Security researchers at ENKI were also targeted. However, not only were they able to see through the deception, but also used their domain expertise to zero in on the particular vulnerability that the attackers were hoping to exploit in their bid to gain access to the data on the researchers’ computers.
After discovering the previously undisclosed IE vulnerability, ENKI shared their findings with Microsoft. The vulnerability, tracked as CVE-2021-26411 and rated critical since it was easy to exploit, has finally been patched.
Note that while the vulnerability was exploited in IE, Microsoft says it also affects its newer Edge browser.
- We've also highlighted the best antivirus solutions
Via: Ars Technica
