Targeted attack? ‘Defend’ your central management software
2018-01-12 • AhnLab • Targeted attack? ‘Defend’ your central management software
http://image.ahnlab.com/file_upload/asecissue_files/ASEC_REPORT_vol.89.pdf
Attachments
ASEC_REPORT_vol.89.pdf (459 KB)
AhnLab’s ASEC quarterly report highlights targeted abuse of centralized management software in Korean enterprise and institutional environments, where attackers used management servers or vulnerable client agents to distribute malware at scale. The report describes attacks from 2015 through 2017 against several management products, including tools that delivered files such as pscan.exe, generated VBS download scripts, repaired intentionally malformed Windows executables, and then executed malware on client systems. In its broader 2017 review, ASEC notes that supply-chain attacks, cryptocurrency threats, and document-based exploitation became major security issues. The DPRK-relevant section is limited to the observation that multiple Microsoft Office vulnerabilities, including CVE-2017-0199, CVE-2017-8759, CVE-2017-8570, and CVE-2017-11826, were used in targeted attacks themed around issues such as North Korean nuclear activity and the Pyeongchang Winter Olympics. No specific North Korean actor attribution is provided in the excerpt, but the material is useful for tracking Korea-focused targeting themes and document-exploit tradecraft.