Autumn Aperture—malware embedded in antiquated file types
Date of report
  • September 2019
  • Believed to be the work of Kimsuky, also known as Thallium and Smoke Screen.
A threat actor targeted U.S.-based entities by emailing them malware-laced Microsoft Word documents written by industry experts. The trojanized documents discussed nuclear deterrence, North Korea's nuclear submarine program, and economic sanctions on the North Korean regime. This incident is believed to be an extension of the August Autumn Aperture campaign.
Suspected victims
  • Unnamed U.S.-based entities
Suspected state sponsor
  • Korea (Democratic People's Republic of)
Target category
  • Private sector