Targeting of South Korean individuals and organizations with fake Itaewon disaster documents
APT 37 was detected using a zero day in the Internet Explorer application as part of a phishing campaign against South Korean users. APT 37 also used a lure document purporting to analyze the stampede that occurred at Itaewon, a neighborhood in Seoul, on October 29, 2022, to entice users to open the phishing document.
Suspected victims
  • South Korean organizations and individuals
Suspected state sponsor
  • Korea (Democratic People's Republic of)
Type of incident
  • Espionage
Target category
  • Private sector
  • Civil society
Victim government reaction
  • Unknown
Policy response
Suspected state sponsor response