Software that is endemic to a specific country or region has long been a popular attack vector, in particular among APT groups, who have a history of exploiting vulnerabilities in such software. Past VB conference papers have analysed attacks
against
InPage
, popular in Pakistan, and
against
Hangul
, widely used in South Korea.
Japan has also seen a number of targeted attacks against software popular in the country. Such attacks were the subject of a VB2019 paper by Shusei Tomonaga, Tomoaki Tani and colleagues from JPCERT/CC. In particular, they analysed attacks that leveraged vulnerabilities in three pieces of software: the
Sanshiro
spreadsheet software, the
Ichitaro
word processing software, and the
SKYSEA
asset management tool. Their paper also includes in overview of various APT groups’ targeting of Japan.
APT campaign timelines.
Today we publish the researchers’ VB2019 paper in both
HTML
and
PDF
format and also release the recording of their presentation.
APT cases exploiting vulnerabilities in region-specific software
Read the paper (HTML)
Download the paper (PDF)
Leave a Reply