Security News South Korean hackers exploited WPS Office zero-day to deploy malware

[Gandalf_The_Grey]

Content source

https://www.bleepingcomputer.com/news/security/apt-c-60-hackers-exploited-wps-office-zero-day-to-deploy-spyglace-malware/

The South Korea-aligned cyberespionage group APT-C-60 has been leveraging a zero-day code execution vulnerability in the Windows version of WPS Office to install the SpyGlace backdoor on East Asian targets.

WPS Office is a productivity suite developed by the Chinese firm Kingsoft that is popular in Asia. Reportedly, it has over 500 million active users worldwide.

The zero-day flaw, tracked as CVE-2024-7262, has been leveraged in attacks in the wild since at least late February 2024, but impacts versions from 12.2.0.13110 (August 2023) to 12.1.0.16412 (March 2024).

Kingsoft "silently" patched the problem in March this year without informing the customers that the flaw was actively exploited, prompting ESET, who discovered the campaign and vulnerability, to publish a detailed report today.

In addition to CVE-2024-7262, ESET's investigation unveiled a second severe flaw, tracked as CVE-2024-7263, which Kingsoft patched in late May 2024 with version 12.2.0.17119.

South Korean hackers exploited WPS Office zero-day to deploy malware

The South Korea-aligned cyberespionage group APT-C-60 has been leveraging a zero-day code execution vulnerability in the Windows version of WPS Office to install the SpyGlace backdoor on East Asian targets.

www.bleepingcomputer.com

 

[dinosaur07]

South Korean hackers exploited WPS Office zero-day to deploy malware

The South Korea-aligned cyberespionage group APT-C-60 has been leveraging a zero-day code execution vulnerability in the Windows version of WPS Office to install the SpyGlace backdoor on East Asian targets.

www.bleepingcomputer.com

One big reason to stay away from WPS software

 

[Chuck57]

My favorite office. The word processor is far ahead of Word, IMO. I guess I might take a look at FreeOffice. If WPS is getting hacked and not notifying their users, that's leaving us all open to who knows what.

 

[jamey910111]

Not sure if that's related to this .

Blackwood hackers hijack WPS Office update to install malware

A previously unknown advanced threat actor tracked as 'Blackwood' is using sophisticated malware called NSPX30 in cyberespionage attacks against companies and individuals.

www.bleepingcomputer.com

With MS Office being bloated i have always sought a way out, but end up not being able to small/large incompatibility issues being an issue. Regardless I disable internet access for all my office applications. I only unblock office update for security update then block again. But I think all applications are vulnerable to attacks, and have been...though I suppose MS office is prone to attacks only because it is so widely used, unlike WPS office which may not be that secure? (not really sure how large the user base is).

 

[cartaphilus]

My favorite office. The word processor is far ahead of Word, IMO. I guess I might take a look at FreeOffice. If WPS is getting hacked and not notifying their users, that's leaving us all open to who knows what.

It might not be a hack it might be a remote access feature to control dissidents