kams.jpeg (198 KB)

IssueMakersLab reported that North Korea's Lazarus Group registered a malicious HWP document in a Korean Academy of Medical Sciences website notice. The lure was described as a notice about temporary permission for online academic conferences, and the post says it was used to distribute malware. The same captured page also mentions Lazarus distributing CRAT malware disguised as the EyeLeo eye protection program on a South Korean Windows forum.