For threat actors that target Korean users, their favorite software to exploit for initial access is HWP (Hangul Word Processor). It's MS Word for Korean users. If you are being sent official docs of any kind, chances are it is a .hwp file that needs the program. Banking and internet access affect consumers, but HWP is used by more interesting espionage/sabotage targets.
I just looked up CVEs for it. I only see 2 in 2017. This is not a good thing: a complex word processor, even if it was rewritten in a memory-safe language, would have at least some low-level non-memory vulns in 6 years!
https://www.fireeye.com/content/dam/fireeye-www/global/en/bl...