Security News South Korean hackers exploited WPS Office zero-day to deploy malware

Gandalf_The_Grey

Apr 24, 2016
The South Korea-aligned cyberespionage group APT-C-60 has been leveraging a zero-day code execution vulnerability in the Windows version of WPS Office to install the SpyGlace backdoor on East Asian targets.

WPS Office is a productivity suite developed by the Chinese firm Kingsoft that is popular in Asia. Reportedly, it has over 500 million active users worldwide.

The zero-day flaw, tracked as CVE-2024-7262, has been leveraged in attacks in the wild since at least late February 2024, but impacts versions from 12.2.0.13110 (August 2023) to 12.1.0.16412 (March 2024).

Kingsoft "silently" patched the problem in March this year without informing the customers that the flaw was actively exploited, prompting ESET, who discovered the campaign and vulnerability, to publish a detailed report today.

In addition to CVE-2024-7262, ESET's investigation unveiled a second severe flaw, tracked as CVE-2024-7263, which Kingsoft patched in late May 2024 with version 12.2.0.17119.
 


Chuck57

Oct 22, 2018
My favorite office. The word processor is far ahead of Word, IMO. I guess I might take a look at FreeOffice. If WPS is getting hacked and not notifying their users, that's leaving us all open to who knows what.
 

jamey910111

Jun 7, 2024
Not sure if that's related to this.

With MS Office being bloated, I have always sought a way out, but end up not being able to, small/large incompatibility issues being an issue. Regardless, I disable internet access for all my office applications. I only unblock office update for security updates, then block again. But I think all applications are vulnerable to attacks, and have been... though I suppose MS Office is prone to attacks only because it is so widely used, unlike WPS Office, which may not be that secure? (Not really sure how large the user base is.)
 

cartaphilus

Mar 17, 2023
Chuck57 said: "My favorite office. The word processor is far ahead of Word, IMO. I guess I might take a look at FreeOffice. If WPS is getting hacked and not notifying their users, that's leaving us all open to who knows what."

It might not be a hack; it might be a remote access feature to control dissidents.
 