NavRAT Uses US-North Korea Summit As Decoy For Attacks In South Korea
Talos discovered a malicious Hangul Word Processor (HWP) document targeting Korean users. If a malicious document is opened, a remote access trojan, "NavRAT," downloads with command execution and keylogging capabilities.
Korea In The Crosshairs
This article exposes the malicious activities of Group 123 during 2017. We assess with high confidence that Group 123 was responsible for six campaigns targeting both Korean and Non-Korean institutions.
This post was authored by Warren Mercer, Paul Rascagneres and with contributions from Jungsoo An. Earlier this year, Talos published 2 articles concerning South Korean threats. The first one was about the use of a malicious HWP document which dropped downloaders used to retrieve malicious payloads on several compromised websites. One of the website was a compromised government website. We […]