Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

Cyber threat targets South Korean government

AhnLab identified emails with a malicious HWP attachment that is designed to exploit a zero-day vulnerability in the Korean-language word processing software
AhnLab identified emails with a malicious HWP attachment that is designed to exploit a zero-day vulnerability in the Korean-language word processing software

The Korean security firm recently identified emails with a malicious HWP attachment that is designed to exploit a zero-day type of vulnerability in the Korean-language word processing software.

The attached malicious file is disguised as a document from the government archives. Titles of the bogus documents include 'The Strategic Approach to North Korean Nuclear Issue', 'Agenda for Unification of North and South Korea Conference', 'Improving the Department of Defense System Engineering of XX University', and 'Technology for National Defense System'.

Once downloaded, the document infects the victim’s machine with malware that is able to collect the record of web access, hardware, and OS data and send it to a command and control (C&C) server, according to AhnLab.

Once connected to the C&C server, the malware is able to upload and download the files from the infected machine, as well as collect the IP and proxy address.
 

What’s Hot on Infosecurity Magazine?