Honeybee

Description

(McAfee) McAfee Advanced Threat Research analysts have discovered a new operation targeting humanitarian aid organizations and using North Korean political topics as bait to lure victims into opening malicious Microsoft Word documents. Our analysts have named this Operation Honeybee, based on the names of the malicious documents used in the attacks.

Advanced Threat Research analysts have also discovered malicious documents authored by the same actor that indicate a tactical shift. These documents do not contain the typical lures by this actor, instead using Word compatibility messages to entice victims into opening them.

The Advanced Threat Research team also observed a heavy concentration of the implant in Vietnam from January 15–17.

Names

Name	Name-Giver
Honeybee	McAfee

Country

Unknown

Motivation

Information theft and espionage

First Seen

2017

Observed Sectors

Those involved in humanitarian aid and inter-Korean affairs

Observed Countries

Tools

Information

https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/mcafee-uncovers-operation-honeybee-malicious-document-campaign-targeting-humanitarian-aid-groups/

Mitre Attack

https://attack.mitre.org/groups/G0072/

Other Information

Uuid

84c2b582-22dd-4dd0-b690-a7b4ff3477ee

Last Card Change

2020-04-22

Threat Intelligence Garden

Explorer

Honeybee

Honeybee

Description

Names

Country

Motivation

First Seen

Observed Sectors

Observed Countries

Tools

Information

Mitre Attack

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks