The North Korean threat actor ScarCruft used a zero-day vulnerability in Windows (CVE-2024-38178) to distribute RokRAT malware. Exploitation requires user interaction through a crafted URL. The cybersecurity organizations ASEC and NCSC are tracking the operation as Operation Code on Toast. Their tracking revealed the attacker's tactic of compromising an ad agency server to inject exploit code into toast ad scripts, ultimately leading to type confusion errors and PC infections with RokRAT, which is capable of various malicious activities, including remote access. ScarCruft's advanced hacking techniques have previously leveraged vulnerabilities in legacy browsers, underlining the importance of updating operating systems and software security measures.

 North Korean ScarCruft exploits Windows zero-day to spread RokRAT malware