APT Group Exploited Zero-Day Vulnerability in Internet Explorer


Security researchers discovered a zero-day vulnerability in Microsoft’s Internet Explorer and found that an Advanced Persistent Threat (APT) group is already exploiting it.

Zero-day vulnerabilities are a serious threat because attackers exploit them before the vendor has a patch available, and the longer they go undetected, the longer the attackers keep that advantage.

A group of security researchers has managed to uncover one such vulnerability in Microsoft’s Internet Explorer browser.

The research and findings come from the Core Security team of the Chinese antivirus company Qihoo 360.

The team dubbed the zero-day vulnerability Double Kill and added that a known APT (Advanced Persistent Threat) group has been exploiting the flaw for some time.

The attackers were not targeting everyone. Instead, they continuously attacked a select group of users, the majority of whom were found to be located in Asia.

Undisclosed APT Group

An APT (Advanced Persistent Threat) group, as defined by FireEye, is usually more dangerous than individual hackers because such groups are typically backed by a nation state that provides them with all the resources they need.

According to a tweet from Qihoo 360 Core, the security research team was able to identify the known APT group involved with exploiting the Internet Explorer vulnerability.

Chinese Antivirus Team Makes a Startling Discovery

The Qihoo 360 Core team found that the APT group chose to keep the issue undisclosed and never launched any large-scale attacks. Instead, it delivered the malware package alongside Office documents to select targets in Asia.

The Double Kill vulnerability affects all current versions of Internet Explorer and any other application that still embeds the IE rendering engine. Microsoft has officially moved from IE to the Edge browser, but people still running older versions of Windows, such as Windows 8.1 and Windows 7, have to rely on Internet Explorer for their browsing if they are not willing to use a third-party browser.

IE Vulnerability Explained

Qihoo 360 Core staff explained how the exploit works and released an image describing the exploitation chain. As soon as the target opens the malicious document, the exploit code and malicious payloads are fetched onto the victim's computer from the attacker’s server.

The attack also makes use of a UAC bypass, DLL loading and background execution of files to avoid raising the user's suspicion.
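The chain described above starts with a document that reaches out to the attacker's server the moment it is opened. The following is an added example, not code from the original article or from Qihoo 360, showing one generic way to triage such documents offline: it unpacks an OOXML (.docx) package and flags any relationship marked External whose target is a network URL, which is how a document declares content it will fetch from a remote server. The package built by `build_sample_docx` is constructed test data, and the URL `attacker.invalid` is a placeholder; neither comes from the article.

```python
import io
import re
import zipfile
from xml.etree import ElementTree as ET

# Namespace used by every *.rels part inside an OOXML package.
REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"

# Schemes that cause the document to reach out over the network (or to a UNC/file
# path) when the relationship is resolved.  Chosen for this example, not from the article.
REMOTE_SCHEME = re.compile(r"^(https?|ftp|file)://", re.IGNORECASE)


def build_sample_docx(external_target=None):
    """Build a minimal .docx package in memory (constructed test data, not a real sample).

    When external_target is given, the main document's relationships include an
    External relationship pointing at it, which is the shape of a document that
    pulls content from a remote server as soon as it is opened.
    """
    rels = [
        '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>',
        f'<Relationships xmlns="{REL_NS}">',
        '<Relationship Id="rId1" '
        'Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/styles" '
        'Target="styles.xml"/>',
    ]
    if external_target:
        rels.append(
            '<Relationship Id="rId2" '
            'Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject" '
            f'Target="{external_target}" TargetMode="External"/>'
        )
    rels.append("</Relationships>")

    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        z.writestr("word/_rels/document.xml.rels", "\n".join(rels))
    return buf.getvalue()


def find_remote_relationships(docx_bytes):
    """Return (rels part, Id, short Type, Target) for every External relationship
    whose target is a network URL, scanning every *.rels part in the package."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        for name in z.namelist():
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(z.read(name))
            for rel in root.iter(f"{{{REL_NS}}}Relationship"):
                target = rel.get("Target", "")
                if rel.get("TargetMode") == "External" and REMOTE_SCHEME.match(target):
                    short_type = rel.get("Type", "").rsplit("/", 1)[-1]
                    findings.append((name, rel.get("Id"), short_type, target))
    return findings


def is_suspicious(docx_bytes):
    """True when the document would fetch remote content on open."""
    return bool(find_remote_relationships(docx_bytes))


if __name__ == "__main__":
    clean = build_sample_docx()
    bad = build_sample_docx("http://attacker.invalid/stage1.html")
    print("clean:", find_remote_relationships(clean))
    print("bad:  ", find_remote_relationships(bad))
```

A document that only references internal parts (styles, images stored inside the zip) produces no findings; one that declares an External relationship to an HTTP URL is reported with the part, relationship Id and type, so an analyst can see exactly where the remote fetch is declared. This is a triage heuristic for quarantining mail attachments, not a detection signature for Double Kill itself, and legitimate documents with linked external content will also trigger it.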

The security experts at Qihoo 360 Core responded quickly to the attack and reported the vulnerability to Microsoft, providing all the information they had gathered so far, so that the team responsible for Internet Explorer could fix the zero-day vulnerability as soon as possible.

Microsoft’s Response to the Attack


Microsoft issued a standard statement confirming that it will continue to investigate the security issue and proactively roll out updates to safeguard users.

It further recommended that users consider switching to Windows 10, its latest operating system, and the Microsoft Edge browser, which is still actively developed.

In line with its regular security patch cycle, the company added that identified issues are fixed on its scheduled update day.

Users should install the latest updates so that they stay protected against such attacks.

The extent of the attack is unknown at the moment, as it was largely aimed at a specific group of targets in Asia.

On Microsoft’s side, the only real remedy is a fix, so that users stay safe when browsing the web or opening Microsoft Office documents. The Qihoo 360 Core team warned users not to open documents from unknown sources and urged the company to roll out a timely security patch whenever such issues are identified.
