APT-C-60’s 1-Click WPS Office Exploit

Red | Vulnerability Report
Download PDF

The South Korea-linked cyberespionage group APT-C-60 has been actively targeting East Asian organizations by exploiting a zero-day vulnerability, CVE-2024-7262, in the Windows version of WPS Office. This sophisticated attack leverages the CVE-2024-7262 flaw to deliver the SpyGlace backdoor through phishing emails. Additionally, a related security flaw, CVE-2024-7263, surfaced due to an incomplete patch addressing the initial vulnerability, leaving WPS Office users vulnerable to arbitrary code execution.

What’s new on HivePro

Get through updates and upcoming events, and more directly in your inbox