Cybersecurity firm warns of fake tax invoices with North Korea-linked malware
Published: 02 Dec. 2025, 18:35
![This image, provided by ESTSecurity on Dec. 2, shows a malicious file disguised as a tax invoice. [ESTSECURITY]](https://koreajoongangdaily.joins.com/data/photo/2025/12/02/8e905569-5eb4-4b9f-b47c-d5f080252356.jpg)
This image, provided by ESTSecurity on Dec. 2, shows a malicious file disguised as a tax invoice. [ESTSECURITY]
Fake tax invoice files embedded with malicious code linked to North Korean hackers have been found in a security threat targeting South Koreans, according to a Seoul-based cybersecurity company on Tuesday.
ESTSecurity said it has identified KimJongRAT-infected files circulating online, noting that the remote access Trojan is believed to be linked to the Pyongyang-sponsored hacking group Kimsuky.
The file, disguised as a PDF, actually contained a shortcut that directed users to a link leading to the download of malicious files.
The security company said the malicious code was precisely tailored to target South Korean users.
"While Microsoft is enhancing security, KimJongRAT remains an extremely effective attack method in environments with weak security features," ESTSecurity said, noting that users should keep their software updated.
The cybersecurity firm also advised users to check file extensions before executing files.
Yonhap
with the Korea JoongAng Daily
To write comments, please log in to one of the accounts.
Standards Board Policy (0/250자)