An Iranian attacker has been targeting users who have failed to patch a remote code execution vulnerability in a Microsoft browser engine to spy on Farsi-speaking victims. The same vulnerability was also recently exploited by a North Korean attacker, says South Korean security company AhnLab. The firm says the majority of targets appear to be based in the U.S., followed by the Netherlands. The Iranian campaign, being run by an unknown attacker since September, uses a new PowerShell stealer that has “powerful collection capabilities””]
Source: https://www.databreachtoday.com/hackers-exploit-ms-browser-engine-flaw-where-unpatched-a-18003