SK Government Targeted with Crafty HWP Files in New Cyber-attacks
South Korea-based AhnLab, a company well known for supplying integrated security software, reported that attackers were targeting South Korean government agencies with a malicious Hangul Word Processor (HWP) document reportedly crafted to exploit a security flaw in the software.
Importantly, the HWP word processor is very popular among public institutions in South Korea, including universities, schools and government organizations.
AhnLab recently spotted e-mails carrying a malicious HWP attachment created to exploit a zero-day security flaw in the Korean word processor.
The security company said the malicious attachment was disguised as a file from a government repository. The fake attachment carried several titles, such as "Agenda for Unification of North and South Korean Conference," "The Strategic Approach to North Korean Nuclear Issue," "Technology for National Defense System" and "Improving the Department of Defense System Engineering of XX University."
When downloaded, the attached file dropped malware onto the infected computer to intercept the user's activities on the Web and collect operating software and hardware information from the compromised system. It then transmitted the stolen data to remote attackers through a command-and-control (C&C) server. The malware's other tasks included stealing the computer user's account credentials, downloading and uploading files via the C&C server, and gathering proxy and Internet Protocol addresses.
Meanwhile, targeted cyber-attacks of late have been relying on non-executable files that conceal malware, which exploits new security flaws to penetrate the computer networks of target organizations while evading security detection.
Therefore, AhnLab advises a comprehensive solution that prevents leakage of confidential data through this form of sophisticated, targeted attack.
South Korea appears to be treating the latest cyber-attacks on government agencies, universities and schools with the utmost gravity, and is therefore planning to further harden its safeguards against such threats.
Accordingly, every city intranet, along with the whole government PC network of South Korea, will be safeguarded with a system that blocks sophisticated attacks by shutting down heavy traffic, at the initiative of the Ministry of Public Administration and Security. There will also be an arrangement for sharing malicious-software threat information among players, particularly private-industry professionals.
» SPAMfighter News - 17-07-2012