Google's Threat Analysis Group (TAG) announced the discovery of a 0-day vulnerability, first seen in late October 2022, embedded in malicious documents and used to target users in South Korea. TAG attributed this activity to a group of North Korean government-backed actors known as APT37. The malicious documents exploited an Internet Explorer 0-day vulnerability in the JScript engine, CVE-2022-41128.

On October 31, 2022, multiple submitters from South Korea reported new malware to TAG by uploading a Microsoft Office document to VirusTotal. The document references the tragic incident in the Itaewon neighborhood of Seoul, South Korea, during Halloween celebrations on October 29, 2022. The incident was widely reported, and the lure takes advantage of the widespread public interest in the accident.

The vulnerability resides within "jscript9.dll", the JavaScript engine of Internet Explorer, and can be exploited to execute arbitrary code when rendering an attacker-controlled website. The bug itself is an incorrect JIT optimization that leads to a type confusion, and it is very similar to CVE-2021-34480, which was identified by Project Zero and patched in 2021.

TAG reported the vulnerability to Microsoft on October 31, 2022, and the identifier CVE-2022-41128 was assigned on November 3, 2022. The vulnerability was patched on November 8, 2022.