HWP Malware Using the Steganography Technique: RedEyes (ScarCruft)

In January, the ASEC (AhnLab Security Emergency response Center) analysis team discovered that the RedEyes threat group (also known as APT37, ScarCruft) had been distributing malware by exploiting the HWP EPS (Encapsulated PostScript) vulnerability (CVE-2017-8291). This report will share the RedEyes group’s latest activity in Korea.

1. Overview

The RedEyes group is known for targeting specific individuals and not corporations, stealing not only personal PC information but also the mobile phone data of their targets. A distinct characteristic of the …

ahnlab analysis apt37 asec center corporations cve data emergency eps exploiting information january korea latest malware malware analysis mobile mobile phone personal phone redeyes report response scarcruft security share stealing steganography targeting team threat threat group vulnerability