Cyber ​​attack campaign targeting Vietnam and South Korea detected

NCSC said the agency has recorded the appearance of an information security vulnerability on Foxit PDF Reader, which is being exploited by attackers to spread malware.

In addition, the Information Security Department also recorded information about an attack campaign carried out by the Earth Hundun group in 2024, using RAT malware to conduct attack chains and spread malware to other devices.

Through the analysis process, security experts discovered many strains of malware and malicious tools used in the infection chain such as: VenomRAT, Agent-Tesla, Remcos, NjRAT, NanoCore RAT, Pony, Xworm, AsyncRAT and DCRat.

According to NCSC, RAT targets users in Vietnam, South Korea and several other countries.

To ensure information security for the information system, the Information Security Department recommends that units check and review the information systems in use that are likely to be affected by the above malware. Proactively monitor information related to malware from the manufacturer to upgrade to the latest version to avoid the risk of being attacked.

At the same time, strengthen monitoring and prepare response plans when detecting signs of exploitation and cyber attacks; Regularly monitor warning channels of authorities and large organizations on information security to promptly detect risks of cyber attacks.

If necessary, you can contact the support contact of the Information Security Department: National Cyber ​​Security Monitoring Center for support.