SYMBOLCOMMON_NAMEaka. SYNONYMS

Honeybee  (Back to overview)


McAfee Advanced Threat Research analysts have discovered a new operation targeting humanitarian aid organizations and using North Korean political topics as bait to lure victims into opening malicious Microsoft Word documents. Our analysts have named this Operation Honeybee, based on the names of the malicious documents used in the attacks. Advanced Threat Research analysts have also discovered malicious documents authored by the same actor that indicate a tactical shift. These documents do not contain the typical lures by this actor, instead using Word compatibility messages to entice victims into opening them. The Advanced Threat Research team also observed a heavy concentration of the implant in Vietnam from January 15–17.


Associated Families

There are currently no families associated with this actor.


References
2019MITREMITRE ATT&CK
@online{attck:2019:honeybee:9d1ffa6, author = {MITRE ATT&CK}, title = {{Group description: Honeybee}}, date = {2019}, organization = {MITRE}, url = {https://attack.mitre.org/groups/G0072/}, language = {English}, urldate = {2019-12-20} } Group description: Honeybee
Honeybee
2018-03-02McAfeeRyan Sherstobitoff
@online{sherstobitoff:20180302:mcafee:fd9192f, author = {Ryan Sherstobitoff}, title = {{McAfee Uncovers Operation Honeybee, a Malicious Document Campaign Targeting Humanitarian Aid Groups}}, date = {2018-03-02}, organization = {McAfee}, url = {https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/mcafee-uncovers-operation-honeybee-malicious-document-campaign-targeting-humanitarian-aid-groups/}, language = {English}, urldate = {2019-12-04} } McAfee Uncovers Operation Honeybee, a Malicious Document Campaign Targeting Humanitarian Aid Groups
Honeybee

Credits: MISP Project