Attackers Uses IE & Edge Zero-Day To Avoid Security Researchers

Last updated: July 5, 2023 Reading time: minutes
Disclosure
Share
internet explorer zero-day

On Tuesday, Microsoft patched the vulnerabilities affecting its products. One of the internet explorer zero-day vulnerabilities was, identified as CVE-2016-3298, described as information disclosure issue which affected Internet Explorer in the wild. The internet explorer zero-day vulnerability targets the object handling of the web-browser in the memory and tests for the presence of data on disk by directing a targeted user into opening a specific website.

After the patch, the attackers found a way to avoid automated analysis systems and researchers to exploit the said vulnerability to exploit in malvertising campaigns, discovered by security firm “Proofpoint.”

The researchers at Proofpoint identified the exploit is now affecting the vulnerability into massive malvertising campaigns by AdGholas and GooNky, the two threat actors.

Experts at Proofpoint first spotted the malvertising campaign back in April, which was targeting users in France, they believe that it had been leveraged by AdGholas.

The group also exploited the patched internet explorer zero-day vulnerability CVE-2016-3351 which affected Microsoft Edge last month. Experts at Proofpoint believe that the flaw is being exploited since 2014. These two vulnerabilities allowed the cybercriminals in ensuring that the targeted systems don’t belong to the security researchers.