CVE-2017-16238

Name of the Vulnerable Software and Affected Versions Microsoft products (affected versions not specified)

Description The issue concerns a cyber campaign attributed to the Lazarus group, also known as Zinc by Microsoft, which is a well-known North Korean APT. The campaign started in mid-2020 and involved creating fake infosec expert accounts that cross-referenced each other to build credibility among real experts. The attackers used various methods, including distributing MHTML files containing malicious JavaScript links on a blog, attempting to exploit a vulnerability in Vir.IT eXplorer, and stealing Chrome passwords. Researchers warn that visiting a malicious blog at br0vvnn .io and finding indicators of compromise (IOCs) listed in their report may indicate that a device is under the full control of the Lazarus hackers.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.