A cyberattack campaign targeting Vietnam and South Korea has been detected.

The NCSC stated that it has identified a security vulnerability in Foxit PDF Reader, which is being exploited by attackers to spread malware.

In addition, the Cybersecurity Department also noted information about an attack campaign carried out by the Earth Hundun group in 2024, which used RAT malware to conduct attack chains and spread malware to other devices.

Through the analysis process, security experts discovered many malware strains and malicious tools used in the infection chain, such as: VenomRAT, Agent-Tesla, Remcos, NjRAT, NanoCore RAT, Pony, Xworm, AsyncRAT, and DCRat.

According to the NCSC, the RAT targeted users in Vietnam, South Korea, and several other countries.

To ensure information security for information systems, the Information Security Department recommends that units check and review their existing information systems for potential vulnerability to the malware. They should proactively monitor information related to the malware from the manufacturer and upgrade to the latest version to avoid the risk of attack.

At the same time, strengthen monitoring and prepare response plans when signs of exploitation or cyberattacks are detected; Regularly monitor warning channels from relevant authorities and major information security organizations to promptly detect cyberattack risks.

If necessary, you can contact the support point of the Department of Information Security: the National Cybersecurity Monitoring Center for assistance.