A portion of the screen displayed when a malicious PDF document is executed. Provided by East Security.
[Asia Economy Reporter Buaeri] Security company ESTsecurity warned on the 3rd about advanced persistent threat (APT) attacks using malicious PDF document files in South Korea.
According to ESTsecurity Security Response Center (ESRC), the newly discovered PDF file vulnerability attacks have been confirmed to be used in hacking attacks targeting current and former personnel in the fields of diplomacy, security, defense, and unification in South Korea since May.
After an in-depth analysis of the techniques and strategies used in this PDF vulnerability attack, ESRC identified the hacking group known as ‘Thallium,’ linked to North Korea, as the threat actor behind it.
This group had mainly exploited the macro function of MS Word document files (DOC, DOCX) for infection methods until recently, but it is estimated that they have recently attempted to shift to techniques exploiting PDF vulnerabilities.
The ‘Thallium’ group has continuously attempted hacking attacks targeting current and former high-ranking government officials at the vice minister level and above in South Korea. In fact, during the 2021 South Korea-US summit, it was confirmed that they attempted hacking attacks using DOC documents targeting experts in diplomacy, security, unification, and North Korea-related fields.
ESTsecurity has completed an urgent update to enable detection of the newly discovered malicious files through its antivirus program ALYac, and is closely coordinating response measures with relevant government agencies to prevent further damage.
Moon Jonghyun, director of ESTsecurity ESRC, urged, "Along with the previously prevalent DOC malicious document forms, attacks exploiting PDF vulnerabilities are also increasing, so careful attention and preparation are required when receiving PDF files via email."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
