Contains North Korea's 2020 Policies and Japan's 2020 Paralympics Details

"North Korea Policy Document Malware Attack" ... 'Koni Spear Phishing' Alert


[Asia Economy Reporter Jin-gyu Lee] East Security announced on the 17th that a new spear-phishing attack attempt by the advanced persistent threat (APT) group 'Koni' has been detected this year.


Spear-phishing is an attack that targets specific individuals or companies, embedding malware in emails sent from accounts the recipient trusts in order to extract information.


The recently discovered APT attack is presumed to have attached malicious DOC files to emails. The two malicious document files used in the attack share the same last-saved-by name, 'Georgy Toloraya,' and their internal code page is set to Korean. The documents themselves are written in Russian and contain content related to North Korea's 2020 policies and Japan's 2020 Paralympics.


In particular, the document related to the Japan 2020 Paralympics is named 'Kinzler Foundation for 2020 Tokyo Paralympic games.doc,' impersonating a real charity organization, the 'Kinzler Foundation,' to lead email recipients to trust and open the document.


The malicious macro code used in the attack closely resembles the macros previously used by the Koni group, and the structure of the malicious document files was also found to be very similar.


If a user who receives the email clicks the 'Enable Content' button on the attached document containing Russian text or the Japan Paralympics-related content, the malware is executed. Once infected, the malware uploads key information from the user's PC system to a server designated by the attacker and enables remote control according to additional commands from the attacker, potentially leading to secondary damage.



Jong-hyun Moon, director of East Security, said, "Since there was a case last year where commonalities between the Koni and Kimsuky organizations were found, continuous research on these two groups is necessary," adding, "Koni's APT attacks using North Korea-related topics have been ongoing steadily, and since Koni's activities have been newly detected this year as well, we are strengthening focused monitoring."


This content was produced with the assistance of AI translation services.

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
