- Daniel Caesar dons cape for whiteness—and gets canceled Wednesday 4:29 PM
- Triton is a new malware ‘deliberately’ designed to put lives at risk Wednesday 3:23 PM
- ‘Into the Dark: I’m Just F*cking with You’ is one of the series’ best Wednesday 1:54 PM
- Trump’s latest prop, a map of ISIS, gets memed Wednesday 12:54 PM
- HBO sends fans on a global scavenger hunt for 6 Iron Thrones Wednesday 11:51 AM
- The Awkward Family Photos game is Cards Against Humanity for meme lovers Wednesday 11:50 AM
- London firefighters’ organization accuses ‘Peppa Pig’ of sexism Wednesday 11:41 AM
- YouTuber accused of abusing her children to make kid-friendly content Wednesday 11:20 AM
- Ari Fleischer’s Iraq War tweet isn’t going over well Wednesday 10:54 AM
- Cop arrested for recording man’s genitals, forcing mentally ill man to twerk Wednesday 10:37 AM
- MoviePass rebrands its unlimited plan, again Wednesday 10:37 AM
- Former Alaska senator launches meme-filled 2020 primary campaign Wednesday 10:17 AM
- The Shane Dawson cat controversy has resulted in these sex memes Wednesday 10:06 AM
- Sarah Sanders mocks CNN reporter with ‘dear diary’ tweet Wednesday 9:03 AM
- Know what you’re signing up for thanks to these dating site reviews Wednesday 8:58 AM
North Korea may have used unpatched word processor bug to attack South Korea
The attack bears a resemblance to the infamous one on Sony Entertainment.
Two researchers at the security firm FireEye, Genwei Jiang and Josiah Kimble, wrote Thursday that there was strong evidence connecting North Korea to intrusions that relied on flaws in the Hangul Word Processor, a South Korean program that’s popular with the country’s businesses. Users who opened infected HWP files unknowingly granted monitoring programs access to their machines.
“While not conclusive, the targeting of a South Korean proprietary word processing software strongly suggests a specific interest in South Korean targets,” the firm said, “and based on code similarities and infrastructure overlap, FireEye Intelligence assesses that this activity may be associated with North Korea-based threat actors.”
The IP addresses of the servers that collected data from the monitoring programs had been linked to other suspected North Korea attacks, the researchers said.
Hancom, the maker of HWP, patched the flaw in its software on Monday.
The use of unpatched software vulnerabilities to gain access to a machine is known as a zero-day exploit. Attackers—from North Korea, according to the U.S. State Department—apparently used the same strategy to infiltrate the servers of Sony Pictures Entertainment and steal highly sensitive corporate documents.
H/T CSO | Illustration by Fernando Alfonso III
Eric Geller is a politics reporter who focuses on cybersecurity, surveillance, encryption, and privacy. A former staff writer at the Daily Dot, Geller joined Politico in June 2016, where he's focused on policymaking at the White House, the Justice Department, the State Department, and the Commerce Department.