DarkHotel hackers exploited flaws in Firefox and IE in attacks on China, Japan

An advanced persistent threat (APT) group has been exploiting vulnerabilities in the Mozilla Firefox and Internet Explorer browsers as part of a campaign aimed at China and Japan.


The flaws in question are CVE-2019-17026 (Firefox) and CVE-2020-0674 (IE), which were patched by Mozilla and Microsoft in early January and in February this year, respectively. Both vulnerabilities were exploited in attacks prior to the release of the patches.


The CVE-2019-17026 flaw is an “IonMonkey type confusion with StoreElementHole and FallibleStoreElement,” where IonMonkey is the Just-in-Time (JIT) compiler for Firefox’s SpiderMonkey JavaScript engine.


CVE-2020-0674 is a remote code execution vulnerability, which could be exploited by tricking a user into opening a specially crafted webpage.


According to Chinese cybersecurity firm Qihoo 360, which reported the attacks, the hackers exploited CVE-2019-17026 in Firefox along with the CVE-2020-0674 vulnerability.


The experts have attributed the campaign to the threat actor known as DarkHotel, which the company tracks as APT-C-06. Qihoo says the group operates from East Asia and refers to it as the “Peninsula APT.”


Earlier this week, Japan’s Computer Emergency Response Team Coordination Center (JPCERT/CC) published a report detailing attacks exploiting both vulnerabilities and targeting Japanese entities.


According to the report, targeted users are directed to a malicious website set up to deliver exploits depending on the user’s browser. If the attack is successful, a proxy automatic configuration file (PAC file) is downloaded ont ..
