VibeTimes
#기술

North Korean hacking group APT37 impersonates unification conference materials to target researchers and policymakers

모민철모민철 기자· 7/13/2026, 3:32:24 PM· Updated 7/13/2026, 5:33:18 PM

North Korean hacking group APT37 targeted researchers and policy practitioners with emails disguised as academic conference materials. Genians Security Center revealed on the 13th that attackers, presumed to be APT37, sent emails to individuals in the research, policy, and academic sectors on the 22nd of last month.

The attackers lured victims by purporting to provide proceedings for the academic conference 'Why Mt. Kumgang and Wonsan Tourism Now?' held on June 12 at COEX in Seoul. They hijacked the actual event name and organizer information, while forging sender details to pose as a company in the unification sector.

The attack utilized a multi-stage infection mechanism, tricking victims into downloading an ISO image file via an email link. Upon execution, the file displayed the normal document on the screen while secretly running malware in the background. Analysis indicates that the final payload—a variant of RokRAT, APT37's signature malware—operates within legitimate processes like Windows Explorer to evade detection, and bypasses network monitoring by disguising traffic as legitimate cloud services and Google bots.

쿠팡 파트너스 활동의 일환으로 일정 수수료를 제공받습니다

Related Articles