Caution Against Watering Hole Attack and Malicious File Distribution Disguised as Unification Education Support Application

March 11, 2025, 4:53 p.m.

Description

A watering hole attack targeting unification education program applicants has been discovered. The attackers uploaded malicious HWP document files to a notice board for an educational program. When opened, the file executes hidden malicious code through OLE objects. The malware creates persistence using scheduled tasks, downloads additional payloads, and communicates with a command and control server. Based on the techniques used, the attack is attributed to the North Korean Kimsuky group. Users are advised to exercise caution when downloading application forms from such websites.

Date

  • Created: March 11, 2025, 2:21 p.m.
  • Published: March 11, 2025, 2:21 p.m.
  • Modified: March 11, 2025, 4:53 p.m.

Attack Patterns

  • Kimsuky
  • T1059.005
  • T1059.003
  • T1571
  • T1547.001
  • T1204.002
  • T1105

Additional Information

  • Education
  • Government