APT-C-60 Takes Advantage of WPS Office Zero-Day

A cyberespionage campaign targeting East Asian countries has been exposed, revealing that the APT-C-60 group used a zero-day vulnerability in WPS Office to deploy the SpyGlace backdoor. The discovery is a stark reminder of the constant threat posed by zero-day vulnerabilities and of the need for prompt software patching.

ESET researchers unearthed the intricate attack orchestrated by the APT-C-60 cyberespionage group, believed to have ties to South Korea. This group exploited a previously undiscovered zero-day vulnerability in WPS Office, a widely used office suite application in East Asia.

The zero-day vulnerability, identified as CVE-2024-4167, was found in the WPS Office text rendering engine, allowing attackers to bypass security measures and execute arbitrary code on targeted systems. This breach paved the way for APT-C-60 to infiltrate the victim’s network and proceed with their attack.

After successfully exploiting the zero-day vulnerability, APT-C-60 deployed the SpyGlace backdoor on compromised systems. SpyGlace is well-known malware recognized for its discreet data exfiltration capabilities, which allow it to extract sensitive information such as corporate secrets, insights for future cyberattacks, and intelligence for government surveillance purposes. The deployment of SpyGlace signals APT-C-60’s intention to establish long-term control within compromised systems for further espionage activities.

In response to this cyber threat, users of WPS Office are strongly advised to update their software immediately. The developers of WPS Office have released a patch (version 11.2.0.10221) addressing the CVE-2024-4167 vulnerability. Enabling automatic updates within the software settings is recommended to ensure timely receipt of future security patches. Additionally, maintaining security awareness among employees to identify suspicious emails and attachments is crucial in preventing malware distribution.

The APT-C-60 campaign exploiting the WPS Office zero-day vulnerability highlights the dynamic cyber threat landscape. Zero-day vulnerabilities pose a significant risk because no known patch exists at the time of exploitation. However, organizations and individuals can reduce their exposure by remaining vigilant and promptly applying security updates.

While patching is essential, it is not the sole defense against sophisticated cyberattacks. Deploying layered security solutions, segmenting networks, and conducting regular security assessments are additional measures to strengthen cybersecurity defenses. By adhering to these recommendations and staying informed about evolving cyber threats, entities can better protect themselves from falling victim to cyberespionage campaigns similar to those orchestrated by APT-C-60.
