Caution Against Watering Hole Attack and Malicious File Distribution Disguised as Unification Education Support Application

NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:

A watering hole attack targeting unification education program applicants has been discovered. The attackers uploaded malicious HWP document files to a notice board for an educational program. When opened, the file executes hidden malicious code through OLE objects. The malware creates persistence using scheduled tasks, downloads additional payloads, and communicates with a command and control server. Based on the techniques used, the attack is attributed to the North Korean Kimsuky group. Users are advised to exercise caution when downloading application forms from such websites.

OPENCTI LABELS:

north korea, education, watering hole, scheduled tasks, ole, hwp, unification

