疑似“Group 123”APT团伙利用HWP软件未公开漏洞的定向攻击分析

2018-11-08 • Qihoo360 • Analysis of a targeted attack by suspected Group 123 APT using an undisclosed HWP software vulnerability •

https://ti.360.net/blog/articles/analysis-of-group123-sample-with-hwp-exploitkit/

#Group123

QiAnXin/360 analyzes a suspected Group 123 APT attack sample targeting Hancom Office HWP users in South Korea. The report says the HWP sample exploited an undisclosed Hancom Office issue related to Ghostscript sandbox handling to execute malicious code, with older Hancom Office versions remaining exposed. It is useful for defenders tracking APT37/Group123 document exploitation, Korean-language software targeting, and low-detection HWP exploit delivery.

Related Actors

Group123

Cisco Talos

Scarcruft

First seen: Jan 2018

Last seen: May 2025

Related Reports

2019-10-28 • 70% Match

疑似Group123（APT37）针对中韩外贸人士的攻击活动分析

Qihoo360

#APT37 #Group123

Shares tag: Group123 • Same author: Qihoo360

2025-05-14 • 60% Match

APT GROUP123

Cyfirma

#Group123 #T1102.002 #T1082 #T1059.003 #T1005 #T1071.001 #T1059.006 #T1027 #T1204.002 #T1555.003 #T1057 #T1059.005 #T1566.001 #T1547.001 #T1053.005 #T1059 #T1105 #T1055 #T1203 #T1189 #T1123 #T1548.002 #T1106 #T1529 #T1033 #T1561.002 #T1559.002 #T1120 #T1036.001 #T1094 #T1027.003

Shares tag: Group123

2023-07-11 • 60% Match