APT37 Exploits Hangul Vulnerability with Highly-Evasive M2RAT Malware

16 February 2023
North Korean APT37 was spotted using highly evasive M2RAT malware and steganography to target individuals for intelligence collection. The group exploits an old EPS bug, tracked as CVE-2017-8291, in the Hangul word processor (commonly used in South Korea). The malware uses a shared memory region for executing commands and exfiltrating data from infected machines.