February 23, 2017 by Warren Mercer and Paul Rascagneres.
Talos has investigated a targeted malware campaign against South Korean users. The campaign was active between November 2016 and January 2017, targeting a limited number of people. The infection vector is a Hangul Word Processor document (HWP), a popular alternative to Microsoft Office for South Korean users developed by Hancom.
The malicious document in question is written in Korean with the following title:
|5170101-17년_북한_신년사_분석.hwp (translation: 5170101-17 __ North Korea _ New Year _ analysis .hwp)|
This document was alleged to be written by the Korean Ministry of Unification and included their logo as a footer on the document.
Powered by WPeMatico