- North Korean hackers are posing as Samsung Employees, making job offers
- Encouraging victims to download malicious PDF reader software
- It's thought the miscreants were trying their hand at a supply chain attack
- Report comes from Google's Threat Horizon's November report
Employees at South Korean companies which make anti malware software started receiving emails from 'Samsung employees', offering them jobs.
The basic emails pointed to an attached rar file, which contained a PDF document. The PDF document was malformed and could not be opened - when the emails' senders were told about this, they sent on "special" PDF software to view the document.
The software was a modified version of PDFTron - legit PDF software. The PDF document contained a hidden executable, which if run via the software, would be decoded and executed.
It is thought the goal was to initiate some kind of supply chain attack. Infect the employees, before injecting malicious code into a software update which would then be downloaded by the customers of the company.