Pyongyang-backed hackers launch newly detected cyberattack scheme using computer files
Published: 22 Dec. 2025, 17:58
Updated: 22 Dec. 2025, 18:43
This image from a report by the Genians Security Center shows a flowchart of a cyberattack believed to have been carried out by the Pyongyang-backed hacking group APT37. [GENIANS SECURITY CENTER]
A North Korea-linked cyber hacking group appears to have launched a new cyberattack campaign, code-named "Artemis," that embeds malicious code inside computer files, a report showed Monday.
The Genians Security Center (GSC), a South Korean cybersecurity institute, said in a report that it detected the operation believed to have been carried out by APT37, a Pyongyang-backed cyber hacking group.
According to the report, the threat actors embedded malicious Object Linking and Embedding (OLE) code inside documents for Hangul Word Processor (HWP), a common word processor. An attack chain is triggered when a user allows the opening of the document's content and clicks a hyperlink in the file.
The findings follow an October report by 38 North, a U.S.-based website monitoring North Korea, which said North Korean cyber operators have repeatedly exploited the HWP format to infiltrate government, military and key industrial networks in South Korea.
"This attack demonstrates APT37's ongoing pattern of highly developed reconnaissance and infiltration activities," the GSC report said. "It also indicates that the group continues to refine its capabilities by leveraging advanced technical methods."
Yonhap




