In early January 2019, an email containing malware was distributed to 77 reporters from the Unification Ministry of South Korea. We analysed these malware and identified them as malware used by SectorA05, and we confirm that they have been using a specific C2 server located in Korea for at least 26 months continuously. We decided to group these wave of attacks under what we call “Operation Kitty Phishing”.
This is an analysis of a custom proxy utility tool used by SectorA01 in attacks on financial organizations globally over the years.
This is a summary of activity of suspected state sponsored Threat Actor Groups analyzed by the Threat Recon Team, based on data and information collected from November 21 to December 20, 2018.
This post introduces the blog of the NSHC Threat Recon Team.