Caution Against Watering Hole Attack and Malicious File Distribution Disguised as Unification Education Support Application

· Published 11/03/2025 14:21 · Modified 11/03/2025 16:53

Essential information

Tags
2025-03-11, education, hwp, north korea, ole, scheduled tasks, unification, watering hole
Related entities
1 intrusion sets (apt), 6 techniques (mitre), 2 others

Description

A watering hole attack targeting program applicants has been discovered. The attackers uploaded malicious document files to a notice board for an educational program. When opened, the file executes hidden malicious code through OLE objects. The malware creates persistence using scheduled tasks, downloads additional payloads, and communicates with a command and control server. Based on the techniques used, the attack is attributed to the North Korean Kimsuky group. Users are advised to exercise caution when downloading application forms from such websites.

External references