The Korean security firm recently identified emails with a malicious HWP attachment designed to exploit a zero-day vulnerability in the Korean-language word processing software.
The attached malicious file is disguised as a document from the government archives. Titles of the bogus documents include 'The Strategic Approach to North Korean Nuclear Issue', 'Agenda for Unification of North and South Korea Conference', 'Improving the Department of Defense System Engineering of XX University', and 'Technology for National Defense System'.
Once downloaded, the document infects the victim's machine with malware that can collect web access records, hardware data, and OS data and send them to a command and control (C&C) server, according to AhnLab.
Once connected to the C&C server, the malware can upload and download files from the infected machine, as well as collect the IP and proxy address.