By Ionut Arghire on February 15, 2021
Slovenia-based cybersecurity research company ACROS Security last week announced the release of an unofficial micro-patch for a zero-day vulnerability in Microsoft Internet Explorer (IE) that North Korean hackers are believed to have exploited in a campaign targeting security researchers.
South Korean security vendor ENKI published a report on the IE zero-day in early February, claiming that North Korean hackers leveraged it to target its researchers with malicious MHTML files leading to drive-by downloads of malicious payloads.
Microsoft has confirmed receiving a report on the vulnerability through an “incorrect channel,” and said that it was committed to investigate the report and deliver a patch as soon as possible.