Targeting of U.S. university and think tank with BabyShark malware
Date of report
  • February 2019
A threat actor used the malware BabyShark, which uses infrastructure associated with North Korean campaigns. The malware was delivered in November 2018 via spear-phishing emails written to appear as though they were sent from a nuclear security expert who works as a consultant for the U.S. government. The subject of the emails referenced North Korea's nuclear program.
Suspected state sponsor
  • Korea (Democratic People's Republic of)
Type of incident
  • Espionage
Target category
  • Private sector