- ‘Game of Thrones’ failed women—and it’s a shame on its legacy Today 7:40 AM
- How to use Tor, the network that lets you browse the web anonymously Today 7:30 AM
- How to live stream Devin Haney vs. Antonio Moran on DAZN Today 7:00 AM
- Trump’s transphobic policies are disgusting—but they aren’t new Today 6:30 AM
- How to watch the Copa del Rey Final online for free Today 5:45 AM
- How to watch the DFB-Pokal final for free Today 5:30 AM
- Curvy Wife Guy drops music video for rap song ‘Chubby Sexy’ Friday 7:33 PM
- A ‘Black Mirror’ spinoff mini-series is coming to YouTube via Netflix Latin America Friday 5:56 PM
- Kanye West appears on David Letterman’s Netflix show to talk Trump, TMZ, and Drake Friday 3:27 PM
- QAnon believers link small-town arrest to deep state conspiracy without evidence Friday 1:58 PM
- Instagram photos showing prison conditions spark massive protest Friday 1:33 PM
- ‘Gay rat wedding’ headline sparks amazing new meme Friday 1:03 PM
- ‘I read a gossip piece’ meme mocks Moby’s Instagram post Friday 12:39 PM
- Rotten Tomatoes wants to see your ticket stub to leave a verified review Friday 11:46 AM
- ‘Sonic the Hedgehog’ movie delayed to 2020 to fix his look Friday 11:39 AM
North Korea may have used unpatched word processor bug to attack South Korea
The attack bears a resemblance to the infamous one on Sony Entertainment.
Two researchers at the security firm FireEye, Genwei Jiang and Josiah Kimble, wrote Thursday that there was strong evidence connecting North Korea to intrusions that relied on flaws in the Hangul Word Processor, a South Korean program that’s popular with the country’s businesses. Users who opened infected HWP files unknowingly granted monitoring programs access to their machines.
“While not conclusive, the targeting of a South Korean proprietary word processing software strongly suggests a specific interest in South Korean targets,” the firm said, “and based on code similarities and infrastructure overlap, FireEye Intelligence assesses that this activity may be associated with North Korea-based threat actors.”
The IP addresses of the servers that collected data from the monitoring programs had been linked to other suspected North Korea attacks, the researchers said.
Hancom, the maker of HWP, patched the flaw in its software on Monday.
The use of unpatched software vulnerabilities to gain access to a machine is known as a zero-day exploit. Attackers—from North Korea, according to the U.S. State Department—apparently used the same strategy to infiltrate the servers of Sony Pictures Entertainment and steal highly sensitive corporate documents.
H/T CSO | Illustration by Fernando Alfonso III
Eric Geller is a politics reporter who focuses on cybersecurity, surveillance, encryption, and privacy. A former staff writer at the Daily Dot, Geller joined Politico in June 2016, where he's focused on policymaking at the White House, the Justice Department, the State Department, and the Commerce Department.