North Korea may have used unpatched word processor bug to attack South Korea

FireEye blames NK for cyberattacks relying on bug in word processing software

The attack bears a resemblance to the infamous one on Sony Entertainment.

North Korea might have exploited a popular word processor to attack South Korea.

Two researchers at the security firm FireEyeGenwei Jiang and Josiah Kimble, wrote Thursday that there was strong evidence connecting North Korea to intrusions that relied on flaws in the Hangul Word Processor, a South Korean program that’s popular with the country’s businesses. Users who opened infected HWP files unknowingly granted monitoring programs access to their machines.

“While not conclusive, the targeting of a South Korean proprietary word processing software strongly suggests a specific interest in South Korean targets,” the firm said, “and based on code similarities and infrastructure overlap, FireEye Intelligence assesses that this activity may be associated with North Korea-based threat actors.”

The IP addresses of the servers that collected data from the monitoring programs had been linked to other suspected North Korea attacks, the researchers said.

Hancom, the maker of HWP, patched the flaw in its software on Monday.

The use of unpatched software vulnerabilities to gain access to a machine is known as a zero-day exploit. Attackers—from North Korea, according to the U.S. State Department—apparently used the same strategy to infiltrate the servers of Sony Pictures Entertainment and steal highly sensitive corporate documents.

H/T CSO | Illustration by Fernando Alfonso III

Eric Geller

Eric Geller

Eric Geller is a politics reporter who focuses on cybersecurity, surveillance, encryption, and privacy. A former staff writer at the Daily Dot, Geller joined Politico in June 2016, where he's focused on policymaking at the White House, the Justice Department, the State Department, and the Commerce Department.