The Email That Almost Fooled Me

A few months ago, a colleague almost fell for one of these scams.

He got an email from what looked like a fellow researcher. Subject line: “Review Request: Military Tech Analysis (Password Protected).” The sender’s name matched a real professor, and the email was polished and professional.

Attached was a password-locked HWP file (a common format in academic circles). The email politely asked him to review the draft and included the password: “Confidential2025.”

He opened it.

Nothing seemed off at first: just a research paper on Ukraine-Russia defense tech. But in the background, malware was silently installing, giving hackers remote access to his entire system.

He only realized something was wrong when his IT department flagged strange network activity.

Turns out, he wasn’t alone. Cybersecurity researchers have uncovered a surging wave of attacks where hackers impersonate academics to deliver malware. And it’s scarily effective.

How the Scam Works (Step by Step)

  1. The Bait: You get an email from a “professor” or “research group” asking for feedback on a paper. The topic is something relevant (military tech, political analysis, AI ethics), chosen to pique your interest.

  2. The Hook: The attachment is password-protected, which feels normal (many academics lock drafts). The email provides the password, so you don’t suspect anything.

  3. The Trap: When you open the file, it looks legitimate, but hidden inside is malicious code that:

    Installs spyware to steal your files.

    Scans your system for antivirus software.

    Drops remote-access tools like AnyDesk (letting hackers control your PC silently).

  4. The Silent Takeover: Unlike ransomware (which screams for attention), this malware works quietly. You might not notice anything wrong for weeks while hackers siphon data or lurk in your network.

Why This Attack Is So Convincing

It Plays on Trust: Academics expect password-protected drafts. A locked file doesn’t raise red flags; it feels normal.

It Bypasses Scanners: Many email filters can’t inspect the contents of encrypted attachments, so the malware slips through. Handing you the password in the same email costs the attacker nothing, since the filter never sees it used.

The Documents Look Real: These aren’t sloppy fakes. The files contain actual research text, making them seem authentic.

How to Protect Yourself (Without Going Paranoid)

Double-Check Unexpected Emails
If you weren’t expecting a review request, contact the sender through a known email address or phone number. Hackers often impersonate real people, so verify first.

Use a Sandbox for Suspicious Files
Submit questionable attachments to a scanning service like VirusTotal, or open them in an isolated virtual machine, before opening them on your main computer. Keep in mind that a password-protected file can’t be inspected by an online scanner any better than by your mail filter, so the virtual machine, where you supply the password yourself, is the more useful check.

Watch for Red Flags

Emails with urgent or overly formal language.

Attachments from unfamiliar sources (e.g., “Review_Ukraine_Defense_2025.hwp”).

Requests to disable security settings to view the file.

Keep Software Updated
Hackers exploit old vulnerabilities. Ensure your OS, antivirus, and document readers (like Hancom Office) are patched.

Who’s Behind This? (Hint: It’s Not Just Random Hackers)

The group Kimsuky, linked to North Korea, has been caught running these attacks. Their usual targets?

University researchers (especially in defense, politics, or tech).

Think tanks and policy analysts.

Government contractors.

Their goal? Stealing unpublished research, login credentials, and sensitive data.

Don’t Let Curiosity Override Caution

In academia we’re trained to collaborate: to share drafts, peer-review papers, and engage in open discussion.

But that openness is being weaponized.

Next time you get an unexpected research paper, pause. Ask:

Was I expecting this?

Does the sender’s email address match their real one?

Is there any reason this needs a password?

If something feels off, trust that instinct. A quick verification could save you from a major breach.