Security firm Symantec has reported that South Korea has been affected by targeted attacks that exploited an Internet Explorer zero-day vulnerability.
According to a post on the company's blog, attackers were able to exploit a flaw -- dubbed Microsoft Internet Explorer Scripting Engine Remote Memory Corruption Vulnerability (CVE-2016-0189) -- to execute arbitrary code.
"They may have distributed the exploit through a link included in a spear-phishing email or a compromised, legitimate website that redirected users to the exploit," the blog explains.
The security firm said the information was then sent back to a South Korean website.
"Once the file was downloaded, the exploit code decrypted it by XORing the file with the value 0x55164975. The file was then saved to the computer as %Temp%\rund11.dll. The final payload is unknown at this time."
Internet Explorer 9, 10, and 11 were exposed to CVE-2016-0189, which Microsoft fixed in its latest Patch Tuesday release. Attackers targeting South Korea took advantage of the zero-day vulnerability before the computer giant patched it.
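For analysts triaging a captured download, the XOR step quoted above can be reversed offline. The sketch below is an added example, not code from Symantec or from the exploit. It assumes the decoded file is a PE image (it was saved with a .dll name) and, because the post does not state how the 32-bit value is laid out in memory, tries the key in both byte orders. The sample input is constructed.

```python
import struct

XOR_KEY = 0x55164975  # value quoted in the Symantec post


def xor_dword(data: bytes, key_bytes: bytes) -> bytes:
    """XOR data with a repeating 4-byte key."""
    return bytes(b ^ key_bytes[i % 4] for i, b in enumerate(data))


def looks_like_pe(data: bytes) -> bool:
    """True if data has an MZ header whose e_lfanew points at a PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # An out-of-range offset yields an empty slice, which fails the comparison.
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def triage(blob: bytes):
    """Return (byte_order, decoded) if the blob decodes to a PE image, else None.

    byte_order is "plain" when the blob is already a PE file, or "little"/"big"
    for the key layout that produced a valid header (layout is an assumption).
    """
    if looks_like_pe(blob):
        return ("plain", blob)
    for order in ("little", "big"):
        decoded = xor_dword(blob, XOR_KEY.to_bytes(4, order))
        if looks_like_pe(decoded):
            return (order, decoded)
    return None


def make_sample() -> bytes:
    """Constructed stand-in for a PE file: headers only, no code."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew -> offset 0x40
    return bytes(dos) + b"PE\x00\x00" + bytes(20)


if __name__ == "__main__":
    captured = xor_dword(make_sample(), XOR_KEY.to_bytes(4, "little"))
    result = triage(captured)
    print("no PE found" if result is None else f"PE recovered, key order: {result[0]}")
```

A hit from `triage` on a file pulled from proxy or packet capture is a reason to look for `%Temp%\rund11.dll` on the host that requested it.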
According to Symantec, South Korea introduced a law in 1999 that required online vendors to adopt Microsoft ActiveX to use the region's SEED cipher for transactions. With Internet Explorer being the only browser to support ActiveX, Symantec said users in the country still tend to rely on the browser.
"The motivations of attacks affecting South Korean organisations often involve espionage or sabotage," Symantec said. "Attackers have been observed targeting South Korean entities to gain remote access to their computers, steal sensitive data, or wipe hard drives."