APT-C-60 Group Exploit WPS Office Flaw to Deploy SpyGlace Backdoor
APT-C-60 Group Exploit WPS Office Flaw to Deploy SpyGlace Backdoor
28 August 2024
A South Korea-aligned cyber espionage has been linked to the zero-day exploitation of a now-patched critical remote code execution flaw in Kingsoft WPS Office to deploy a bespoke backdoor dubbed SpyGlace.
The activity has been attributed to a threat actor dubbed APT-C-60, according to cybersecurity firms ESET and DBAPPSecurity. The attacks have been found to infect Chinese and East Asian users