Autumn Aperture—use of malicious websites to target foreign ministries and other entities

Date of report

August 2019

Affiliations

Believed to be the work of Kimusky, also known as Thallium and Smoke Screen.

A threat actor targeted a number of foreign ministries, a Chinese technology company, Stanford University, think tanks in the United States and the United Kingdom, and other entities that have focused on North Korea's nuclear efforts or the related international sanctions. The threat actor created a network of malicious websites imitating the login portals of targets. This incident is believed to be an extension of the 2018 BabyShark campaign.

Suspected victims

French Ministry for Europe and European Affairs
Sina

Ministry of Foreign and European Affairs of the Slovak Republic
Foreign ministry of the South African government

Stanford University

Suspected state sponsor

Korea (Democratic People's Republic of)

Target category

Government
Private sector

Hacking group targets organizations focused on North Korea's missile program
Suspected North Korean Cyber Espionage Campaign Targets Multiple Foreign Ministries and Think Tanks

Cyber Operations Tracker

CFR.org

Topics

Regions

Explainers

Research & Analysis

Communities

Events