In the aftermath of the Itaewon Halloween crowd crush that killed at least 158 people, North Korea’s APT37 state-sponsored hacking group took advantage of a previously unknown Internet Explorer vulnerability to install malware on the devices of South Koreans who were trying to find out about the tragedy, according to Google’s Threat Analysis Group. The team became aware of the recent attack on October 31st after multiple South Koreans uploaded a malicious Microsoft Office document to the company’s VirusTotal tool.APT37 took advantage of national interest in the Itaewon tragedy by referencing the event in an official-looking document. Once someone opened the doc on their device, it would download a rich text file remote template that would, in turn, render remote HTML using Internet Explorer. According to Google, this is a technique that has been widely used to distribute exploits since 2017, as it allows hackers to take advantage of vulnerabilities in Internet Explorer even if someone isn&rs