Thefts from South Korean organisations have the double impact of weakening their closest competitor. “It’s clear that the thefts from Lazarus won’t stop anytime soon given the gains available - the (partially successful) attempt to steal $1 billion dollars from the Bank of Bangladesh represents 3% of North Korea’s reported GDP. The group has also been previously tied to the WannaCry ransomware attacks and the 2014 Sony Pictures hack. “These attacks are part of a large number of attacks against banks, including the attempted theft of $1 billion dollars from the Bank of Bangladesh, attacks against ATM networks.” They were linked to a theft of $7 million from Bithumb, and other cryptocurrency exchanges, back in 2017,” researchers said. “If the attackers behind the Bithumb heist are indeed Lazarus - they were likely aided by knowledge from a previous hack. This isn’t the first time cybercriminals, specifically Lazarus, have used malicious HWP documents to target South Korean users in both phishing and malware attacks. “Whilst we can’t be certain this malware is responsible for the thefts from Bithumb, it seems a likely suspect,” AlienVault said. They added that South Korean security firm Hauri also uncovered similar-looking malware samples that were sent to cryptocurrency companies. It is used extensively in South Korea, especially by the government. as well as other Haansoft products, is a more affordable alternative to non-native comparable programs such as Microsoft Word. They also mentioned they are linked to previous attacks by Lazarus, and involved faked resumes,” researchers noted. Hangul (also known as Hangul Word Processor or HWP) is a proprietary word processing application published by the South Korean company Hancom Inc. “Reports within South Korea have suggested the thefts from Bithumb started with malicious HWP files earlier in May and June.
It has also been previously deployed against financial targets as well. Among the three malicious documents analyzed by AlienVault, one file translated to “Results of the international financial system working group meeting.” It appeared to be targeting members of a recent G20 Financial meeting “seeking coordination of the economic policies between the wealthiest countries,” researchers said. Another document was related to the recent cryptocurrency heist that saw hackers steal $30 million from South Korean cryptocurrency exchange Bithumb. If you're already using one of the HWP editors from above, like LibreOffice Writer, you can export or convert the HWP to DOC, DOCX, PDF, RTF, and other document formats. In this case, the malicious code downloads the Manuscrypt backdoor that Lazarus has previously used to target diplomatic targets along with virtual currency and electronic payment site users in South Korea. AlienVault researchers said the group has been deploying malicious Hangul word processor (HWP) files - a popular South Korean document editor - that contain malicious postscript code to download either 32-bit or 64-bit malicious payloads. Hangul (aka Hangul Word Processor or HWP) is a word processing application from Haansoft, and is very popular in South Korea, mainly due to the way it has. The infamous North Korea-linked hacker group Lazarus has been found targeting South Korea with a new batch of specially-crafted, malware-laced documents.