Monthly Threat Actor Groups Intelligence Report, January 2019

This is a summary of the activity of suspected state-sponsored Threat Actor Groups analyzed by the Threat Recon Team, based on data and information collected from December 21, 2018 to January 20, 2019.

The Double Life of SectorA05 Nesting in Agora (Operation Kitty Phishing)

In early January 2019, an email containing malware was distributed to 77 reporters from the Unification Ministry of South Korea. We analysed the malware and identified it as malware used by SectorA05, and we confirm that the group has been using a specific C2 server located in Korea continuously for at least 26 months. We decided to group this wave of attacks under what we call “Operation Kitty Phishing”.

SectorA01 Custom Proxy Utility Tool Analysis

This is an analysis of a custom proxy utility tool used by SectorA01 in attacks on financial organizations globally over the years.

Monthly Threat Actor Groups Intelligence Report, December 2018

This is a summary of the activity of suspected state-sponsored Threat Actor Groups analyzed by the Threat Recon Team, based on data and information collected from November 21 to December 20, 2018.

Introducing Our Research Blog

This post introduces the blog of the NSHC Threat Recon Team.