Summary: Cybersecurity researchers from ESTsecurity have detected a new watering hole attack orchestrated by the North Korean group Kimsuky, targeting a South Korean university’s website related to a reunification education program. The attack employs malicious Hangul Word Processor files disguised as application forms, aiming to infect users involved in reunification efforts. The malware utilizes various techniques to ensure persistence and download additional payloads from command-and-control servers.
Affected: South Korean university and individuals involved in reunification initiatives
Key points:
- Attack utilizes a compromised university website to deliver malicious HWP files.
- Executed malware establishes persistence and downloads additional payloads from C2 servers.
- Attack attributed to Kimsuky based on similarities to the group's previously observed tactics and infrastructure.