TAG became aware of the vulnerability when malicious Microsoft Office documents titled “221031 Seoul Yongsan Itaewon accident response state of affairs (06:00).docx” were uploaded to VirusTotal on October 31st, 2022. The documents took advantage of widespread publicity over the tragedy in Itaewon on October 29th, in which 151 people lost their lives in a crowd crush during a Halloween celebration in Seoul.
The attack is believed to be the work of a group of North Korean government-backed actors known as APT37.
TAG says in the blog post that it “didn’t recover a final payload for this campaign” but notes that it previously observed APT37 using similar exploits to deliver malware such as Rokrat, Bluelight, and Dolphin. In this instance, the vulnerability was reported to Microsoft within hours of its discovery on October 31st and was patched on November 8th.