Autumn Aperture—use of malicious websites to target foreign ministries and other entities
Date of report
  • August 2019
  • Believed to be the work of Kimusky, also known as Thallium and Smoke Screen.
A threat actor targeted a number of foreign ministries, a Chinese technology company, Stanford University, think tanks in the United States and the United Kingdom, and other entities that have focused on North Korea's nuclear efforts or the related international sanctions. The threat actor created a network of malicious websites imitating the login portals of targets. This incident is believed to be an extension of the 2018 BabyShark campaign.
Suspected victims
  • French Ministry for Europe and European Affairs
  • Sina
  • Ministry of Foreign and European Affairs of the Slovak Republic
  • Foreign ministry of the South African government
  • Stanford University
Suspected state sponsor
  • Korea (Democratic People's Republic of)
Target category
  • Government
  • Private sector