A threat actor targeted a number of foreign ministries, a Chinese technology company, Stanford University, think tanks in the United States and the United Kingdom, and other entities that have focused on North Korea's nuclear efforts or the related international sanctions. The threat actor created a network of malicious websites imitating the login portals of targets. This incident is believed to be an extension of the 2018 BabyShark campaign.
- French Ministry for Europe and European Affairs
- Ministry of Foreign and European Affairs of the Slovak Republic
- Foreign ministry of the South African government
- Stanford University
Suspected state sponsor
- Korea (Democratic People's Republic of)
- Private sector