AhnLab ASEC and South Korea's NCSC describe a TA-RedAnt operation exploiting CVE-2024-38178, a Microsoft Internet Explorer scripting-engine type-confusion vulnerability, through a compromised domestic advertising-content delivery path. The attackers inserted exploit code into scripts served to toast-advertising programs that rendered content with IE-based WebView components, enabling zero-click compromise when vulnerable advertising software downloaded and displayed the content. The report attributes the activity to the North Korean actor also tracked as RedEyes, ScarCruft, Group123, and APT37, and notes that successful exploitation could lead to malware infection and remote command execution before Microsoft issued a patch.