https://www.bleepingcomputer.com/news/security/malicious-ads-exploited-internet-explorer-zero-day-to-drop-malware/

The North Korean hacking group ScarCruft launched a large-scale attack in May that leveraged an Internet Explorer zero-day flaw to infect targets with the RokRAT malware and exfiltrate data.

ScarCruft (aka "APT37" or "RedEyes") is a state-sponsored cyber-espionage threat actor known for targeting systems in South Korea and Europe, as well as North Korean human rights activists and defectors, using phishing, watering hole, and Internet Explorer zero-days.