Korean online ad agency

APT37, a North Korea-linked cyber espionage group, launched a zero-day supply chain attack exploiting a vulnerability in Internet Explorer identified as CVE-2024-38178. They compromised a Korean online advertising agency which used an outdated IE-based WebView for ad content rendering. The agency's ad server was injected with malicious code, enabling APT37 to execute a zero-click attack on user systems through malicious ads, causing them to download malware without user interaction. The attack potentially allowed remote code execution and data exfiltration, causing significant security concerns for the affected company and its clients.

Source: https://securityaffairs.com/169983/apt/north-korea-apt37-ie-zero-day.html

TPRM report: https://scoringcyber.rankiteo.com/company/jellyfishglobal

"id": "jel000102124",
"linkid": "jellyfishglobal",
"type": "Vulnerability",
"date": "10/2024",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'industry': 'Advertising',
                        'location': 'Korea',
                        'type': 'Online Advertising Agency'}],
 'attack_vector': ['Supply Chain Attack', 'Zero-Day Exploit'],
 'description': 'APT37, a North Korea-linked cyber espionage group, launched a '
                'zero-day supply chain attack exploiting a vulnerability in '
                'Internet Explorer identified as CVE-2024-38178. They '
                'compromised a Korean online advertising agency which used an '
                'outdated IE-based WebView for ad content rendering. The '
                "agency's ad server was injected with malicious code, enabling "
                'APT37 to execute a zero-click attack on user systems through '
                'malicious ads, causing them to download malware without user '
                'interaction. The attack potentially allowed remote code '
                'execution and data exfiltration, causing significant security '
                'concerns for the affected company and its clients.',
 'impact': {'systems_affected': ['User Systems', 'Ad Server']},
 'initial_access_broker': {'entry_point': 'Internet Explorer Vulnerability '
                                          '(CVE-2024-38178)'},
 'motivation': 'Espionage',
 'threat_actor': 'APT37',
 'title': 'APT37 Zero-Day Supply Chain Attack via Internet Explorer '
          'Vulnerability',
 'type': 'Cyber Espionage',
 'vulnerability_exploited': 'CVE-2024-38178'}