APT Attack Attempts Using Word Documents Targeting Specific Individuals

The ASEC analysis team confirmed that malware in the same format as the malicious Word documents introduced in the post “Malicious Word Documents Pretending ‘Korea Association for Political and Diplomatic History’ and ‘Policy Advisory Member Profile’ Being Distributed” is still being distributed. Like the malicious Word documents introduced in previous

Kaseya VSA Supply Chain Ransomware Attacks (REvil Gang)

The ransomware attack that leveraged a vulnerability in VSA (a cloud-based management service that can manage various patches and perform client monitoring) made by Kaseya, an IT solutions developer for enterprises and managed service providers (MSPs), turned out to be BlueCrab (Sodinokibi) ransomware, which is being actively distributed in Korea

Malicious Word Document Impersonating U.S. Investment Bank (External Connection + VBA Macro)

The ASEC analysis team is continually reporting malicious documents disguised as North Korea or public institution related materials that are being distributed. In this post, the team will introduce a malicious DOC (Word) document impersonating a U.S. investment bank. See [Figure 1] for more details. The .doc document operates in

Attack Against Ukrainian Ministry of Defense Using E-mail Disguised as Free Bitcoin Reward

The ASEC analysis team has confirmed the distribution of a malicious e-mail disguised as a free Bitcoin reward that targets specific individuals in the Ukrainian Ministry of Defense. This malware uses a recent hot topic, Bitcoin, and tricks people into downloading the end-stage malware through various methods. Figure 1. Phishing e-mail targeting Ukrainian

Distribution of RTF Vulnerability Malware that Takes Advantage of Microsoft Office Word’s External Connection

Distribution of RTF vulnerability (CVE-2017-11882) malware that uses an external connection in an MS Office Word document has been found. Employees must be on the lookout, as the attacker is using spam e-mails to distribute malware to domestic shopping malls and other businesses. Recently, the distribution of MS Office Word malware using

Distribution of Hangul Word Processor (HWP) File with Title of North Korea-related Question

Previously, the ASEC analysis team discovered a surge in the distribution of malicious Word files containing North Korea-related materials and shared detailed information about this trend. Today, the ASEC analysis team has discovered the distribution of malware disguised as HWP files that contain North Korea-related questions. Judging by the information within

Distribution of Malicious Word Document Disguised as a Military Security Monthly Magazine (April 2021)

On March 29th, the ASEC analysis team introduced malicious Word documents containing North Korea-related materials. Upon opening, the file connects to the ‘External URL’ written within the XML and downloads additional files. Recently the team has found that malicious Word documents using this method and disguised as

Malicious Word File Disguised as Compensation Request Form (External Connection + VBA Macro)

With malicious document files being distributed in various document formats such as HWP, DOC, XLSX, and PDF, it is safe to say that document-based malware has become a new trend among attackers. In response to this trend, the ASEC analysis team has been publishing various articles that contain related information

Malicious Word Documents with External Link of North Korea Related Materials

Previously, the ASEC analysis team introduced various types of document-based malware. Among them, malicious documents of North Korea-related materials were generally produced in HWP file format. You can check the relevant information in previous ASEC blog posts. Today, DOC (Word) documents containing North Korea-related materials collected