Attacks exploiting a recently patched high-severity Windows Scripting Engine zero-day vulnerability, tracked as CVE-2024-38178, have been launched by North Korean state-sponsored threat operation APT37, also known as Scarcruft, InkySquid, Ricochet Chollima, Reaper, and Ruby Sleet, to facilitate RokRAT malware delivery, The Hacker News reports.Threat actors leveraged the flaw to target a toast advertisement program with an unsupported Internet Explorer module, which when installed would trigger a type confusion error and several malicious actions, including the deployment of the RokRAT trojan, a joint analysis from AhnLab Security Intelligence Center and South Korea's National Cyber Security Center showed. Aside from having file enumeration and arbitrary process termination capabilities, RokRAT's latest iteration has also enabled remote command execution and data exfiltration from various browsers and apps. "The technological level of North Korean hacking organizations has become more advanced, and they are exploiting various vulnerabilities in addition to [Internet Explorer]. Accordingly, users should update their operating system and software security," said the report.
Breach
Windows zero-day leveraged for RokRAT malware delivery

Today’s columnist, Mike Price of ZeroFox, explains how MFA and SEO poisoning attacks have increased as hacking tools become more automated. (Stock Photo, Getty Images)
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
Related Terms
Attack VectorYou can skip this ad in 5 seconds



