- Man dragged for recording, posting video of neighbor being ‘killed’ instead of helping Saturday 4:14 PM
- How to stream Saints vs. Bears in Week 7 Saturday 3:25 PM
- How to stream Seahawks vs. Ravens in Week 7 Saturday 3:25 PM
- Are TikTok teens throwing up gang signs in their videos? Saturday 2:45 PM
- Anti-impeachment protesters believe ‘deep state’ tried to sabotage rally Saturday 12:51 PM
- How to stream 49ers vs. Redskins in Week 7 Saturday 12:00 PM
- How to stream Cardinals vs. Giants in Week 7 Saturday 12:00 PM
- How to stream Packers vs. Raiders in Week 7 Saturday 12:00 PM
- How to stream Vikings vs. Lions in Week 7 Saturday 12:00 PM
- How to stream Rams vs. Falcons in Week 7 Saturday 12:00 PM
- Billie Eilish fans think they figured out who stole her ring Saturday 11:32 AM
- ‘Give me candy’: Hailey Bieber mocked for defense of celebrating Halloween as a Christian Saturday 10:28 AM
- Aaron Paul predicted Jesse Pinkman’s fate on Reddit years ago Saturday 8:53 AM
- Netflix’s ‘Eli’ is a satisfyingly nasty blend of haunted houses and medical horror Saturday 7:00 AM
- Why 8chan’s founder is fighting to keep the infamous message board dead Saturday 6:30 AM
North Korea may have used unpatched word processor bug to attack South Korea
The attack bears a resemblance to the infamous one on Sony Entertainment.
Two researchers at the security firm FireEye, Genwei Jiang and Josiah Kimble, wrote Thursday that there was strong evidence connecting North Korea to intrusions that relied on flaws in the Hangul Word Processor, a South Korean program that’s popular with the country’s businesses. Users who opened infected HWP files unknowingly granted monitoring programs access to their machines.
“While not conclusive, the targeting of a South Korean proprietary word processing software strongly suggests a specific interest in South Korean targets,” the firm said, “and based on code similarities and infrastructure overlap, FireEye Intelligence assesses that this activity may be associated with North Korea-based threat actors.”
The IP addresses of the servers that collected data from the monitoring programs had been linked to other suspected North Korea attacks, the researchers said.
Hancom, the maker of HWP, patched the flaw in its software on Monday.
The use of unpatched software vulnerabilities to gain access to a machine is known as a zero-day exploit. Attackers—from North Korea, according to the U.S. State Department—apparently used the same strategy to infiltrate the servers of Sony Pictures Entertainment and steal highly sensitive corporate documents.
H/T CSO | Illustration by Fernando Alfonso III
Eric Geller is a politics reporter who focuses on cybersecurity, surveillance, encryption, and privacy. A former staff writer at the Daily Dot, Geller joined Politico in June 2016, where he's focused on policymaking at the White House, the Justice Department, the State Department, and the Commerce Department.