North Korean hackers spread malware with official-looking documents related to the Seoul Halloween tragedy, Google’s cybersecurity team said in a report. File Photo by Thomas Maresca/UPI
SEOUL, Dec. 8 (UPI) — North Korean state-backed hackers created official-looking documents referencing the Seoul Halloween crowd crush tragedy in an attempt to send malware to users in South Korea, Google’s Threat Analysis Group said in a new report.
The hacker group, known as APT37, embedded malware in a Microsoft Word document that appeared to be a South Korean government report on the disaster that killed 158 people in the Seoul neighborhood of Itaewon on Oct. 29.
“This incident was widely reported on, and the lure takes advantage of widespread public interest in the accident,” the Threat Analysis Group said in a report Wednesday.
The attack exploited a zero-day vulnerability in Internet Explorer, the Google security team said.
Zero-day, or 0-day, refers to a security weakness in software not yet known to developers. The APT37 group has previously attempted similar attacks, the report noted.
“This is not the first time APT37 has used Internet Explorer 0-day exploits to target users,” the report said. “The group has historically focused their targeting on South Korean users, North Korean defectors, policy makers, journalists and human rights activists.”
The United States warned earlier this year that North Korea-backed hackers are ramping up attacks on a range of targets from cryptocurrency platforms to hospitals.
A U.N. panel of experts that monitors sanctions reported in March that North Korea is using hacking in an effort to access sensitive technology and generate funds for its illicit nuclear weapon and ballistic missile programs.
Multiple users in South Korea uploaded the Microsoft Word document, titled “221031 Seoul Yongsan Itaewon accident response situation (06:00).docx,” to a virus scanner website owned by Google. The Threat Analysis Group said it immediately reported the vulnerability to Microsoft, which released a patch on Nov. 8.
On Thursday, the South Korean government warned businesses against unwittingly hiring North Korean information technology workers with disguised identities.
“North Korean IT personnel are living abroad and disguising their nationality and identity to receive jobs from IT companies around the world, earning hundreds of millions of dollars in foreign currency every year,” the government said in an inter-agency advisory.