Autumn Aperture—malware embedded in antiquated file types

Date of report

September 2019

Affiliations

Believed to be the work of Kimusky, also known as Thallium and Smoke Screen.

A threat actor targeted U.S.-based entities by emailing them malware-laced Microsoft Word documents written by industry experts. The trojanized documents discussed nuclear deterrence, North Korea's nuclear submarine program, and economic sanctions on the North Korean regime. This incident is believed to be an extension of the August Autumn Aperture campaign.

Suspected victims

Unnamed U.S.-based entities

Suspected state sponsor

Korea (Democratic People's Republic of)

Target category

Private sector

Autumn Aperture: Threat Campaign Highlights New Evasion Technique using an Antiquated File Format
North Korean hackers target U.S. entities amid stalled denuclearization talks

Cyber Operations Tracker

CFR.org

Topics

Regions

Explainers

Research & Analysis

Communities

Events