North Koreans tried to hack security researchers via social engineering tricks

Posted on Wednesday, March 10 2021 @ 11:00 CET by Thomas De Maesschalck
Yesterday, Microsoft patched a critical, zero-day security vulnerability (CVE-2021-26411) that affects Internet Explorer as well as the EdgeHTML-based version of the Edge browser. What makes this vulnerability so interesting is the backstory behind how it got abused.

Ars Technica writes that North Korean hackers used social engineering to target seasoned security researchers. The attackers infiltrated the Twitter infosec community and spent weeks building working relationships with researchers: they created research blogs, posted videos of supposed exploits, and reached out to researchers with offers to collaborate on a project.

Researchers who took the bait were asked to open a website in Internet Explorer. The page hosted an exploit for the Internet Explorer vulnerability and used it to achieve remote code execution on the victim's machine. Ars Technica describes the outcome:
Eventually, the fake Twitter profiles asked the researchers to use Internet Explorer to open a webpage. Those who took the bait would find that their fully patched Windows 10 machine installed a malicious service and an in-memory backdoor that contacted a hacker-controlled server.

Total of 89 patches on Patch Tuesday

The vulnerability described above was patched on Patch Tuesday alongside 88 other vulnerabilities in Microsoft software. Fourteen of the 89 are rated critical, and several are being actively exploited in the wild. Most of the patches cover Office, Windows or Azure.
