Discovery of Continuous Distribution of North Korea-related Malicious Word Files
The ASEC analysis team has discovered the continuous distribution of malicious Word files containing North Korea-related materials. The macro code inside the Word file is similar to the one that was introduced in the previous post, <‘Malicious Word File Disguised as ‘Purchase and Sales Agreement for Export-bound Gold Bars’>. The
Malicious HWP File with COVID-19 Relief Fund Related ‘Collection of Personal Information Consent Form’
The ASEC analysis team has discovered a malicious HWP file that hasn’t been distributed for some time. The HWP file that was last posted in April was inserted with a malicious link object inside, and it is the first time this year that a file inserted with malicious EPS was
APT Attacks Using Malicious Word File of a Particular Thesis
The ASEC analysis team has discovered the distribution of malicious Word files disguised as a particular thesis in September. The discovered file is being distributed with the filename of “Critical Analysis on ROK Defense Reform Utilizing Evolving Management Theories.doc” and it has malicious macro included. The internal macro code is
VNC Malware (TinyNuke, TightVNC) Used by Kimsuky Group
While monitoring Kimsuky-related malware, the ASEC analysis team has recently discovered that VNC malware was installed via AppleSeed remote control malware. VNC, also known as Virtual Network Computing, is a screen sharing system that remotely controls other computers. Similar to the commonly-used RDP, it is used to remotely access and
Malware with the Filename kakaoTest.exe, Possibly Developed by Kimsuky
The ASEC analysis team has been keeping eye on the trend of malware that attempts APT attacks using Word documents, and sharing them in the blog. The team has found additional malicious files that use the same code as the malware created from document files such as ‘Constitution Day International
APT Attack Attempts Using Word Documents Targeting Specific Individuals
The ASEC analysis team confirmed that the malware with the same format of malicious word documents introduced in the post “Malicious Word Documents Pretending ‘Korea Association for Political and Diplomatic History’ and ‘Policy Advisory Member Profile’ Being Distributed” is still being distributed. Like the malicious word documents introduced in previous
Kaseya VSA Supply Chain Ransomware Attacks (REvil Gang)
The ransomware attack by leveraging a vulnerability in VSA (a cloud-based management service that can manage various patches and perform client monitoring) made by Kaseya, an IT solutions developer for enterprises and managed service providers (MSPs), turned out to be BlueCrab (Sodinikibi) ransomware that is being actively distributed in korea
Malicious Word Document Impersonating U.S. Investment Bank (External Connection + VBA Macro)
The ASEC analysis team is continually reporting malicious documents disguised as North Korea or public institution related materials that are being distributed. In this post, the team will introduce a malicious DOC (Word) document impersonating a U.S. investment bank. See [Figure 1] for more details. The .doc document operates in
Attack Against Ukrainian Ministry of Defense Using E-mail Disguised as Free Bitcoin Reward
ASEC analysis team has confirmed the distribution of malicious e-mail disguised as a free Bitcoin reward that targets specific individuals in Ukrainian Ministry of Defense. This malware uses a recent hot topic, Bitcoin, and tricks people into downloading the end-stage malware through various methods. Figure 1. Phishing e-mail targeting Ukrainian
Distribution of RTF Vulnerability Malware that Takes Advantage of Microsoft Office Word’s External Connection
Distribution of RTF vulnerability (CVE-2017-11882) malware that uses external connection of MS Office Word document has been found. Employees must be on the lookout as the attacker is using spam e-mails to distribute malware to domestic shopping malls and other businesses. Recently, the distribution of MS Office Word malware using

