
Operation Shadow Force

aka: Larva-24013, TA-ShadowCricket

Operation Shadow Force is a cluster of attack activity against Korean companies and organizations, represented by the Shadow Force and Wgdrop malware used from 2013 to 2020. The group's first confirmed attack was in March 2013, but judging by the malware creation dates, it is likely to have been active before 2012. The operation was named Operation Shadow Force because Shadow Force is the malware the group mainly uses. Whether the attacker is associated with a known group has not been confirmed.


Associated Families

There are currently no families associated with this actor.


References
2025-01-07 | AhnLab | ASEC
TA-ShadowCricket: The 13-Year Shadow Campaign Exposed
2023-05-02 | AhnLab | ASEC
Analysis of CLR SqlShell Used to Attack MS-SQL Servers
2020-04-07 | AhnLab | CHA Minseok
Tweet on Operation Shadow Force
2020-04-06 | AhnLab | AhnLab
Shadow Force behind normal certificate reveals seven years

Credits: MISP Project