A North Korean threat actor was caught exploiting an Internet Explorer zero-day vulnerability in a supply chain attack. The attack allows remote attackers to execute code on target systems that use Edge in Internet Explorer Mode. Because any program that uses IE-based WebView to render web content for displaying ads would be vulnerable to this attack, the threat actor compromised the online advertising agency behind the Toast ad program to use it as the initial access vector. The attackers had a goal of tricking victims into downloading malware on systems that had the Toast Ad program installed. Patches for the zero day were released on August 13th.
Read more: https://www.securityweek.com/north-korean-apt-exploited-ie-zero-day-in-supply-chain-attack/