Attacks Using Malicious Hangul Word Processor(HWP) DocumentsReturn to TOC

No ratings

Presented at FIRST 2014 by

Jaebyung Yoon

Recently, ATP attacks in Korea use document files (Hangul Word Processor) as an infection vector. Main features of these attacks are using HWP vulnerabilities, hot issue contents of documents, and spear phishing. HWP is the main word processor software as much as MS Word in Korea. HWP document format is the de facto format especially in the Korean government. We could see a lot of HWP vulnerabilities and exploits through the Vulnerability Reward Program and APT attacks. There are many reasons HWP is attractive to an attacker. - All government officers use HWP - No filtering about HWP files by attack detection devices - Many users are without software updates Vulnerability, exploits and response will be discussed.