Operation Shadow Force  (Back to overview)

Operation Shadow Force is a group of malware that is representative of Shadow Force and Wgdrop from 2013 to 2020, and is a group activity that attacks Korean companies and organizations. The group's first confirmed attack was in March 2013, but considering the date of malware creation, it is likely to have been active before 2012. Since the malware used mainly by them is Shadow Force, it was named Operation Shadow Force, and it has not been confirmed whether the attacker is associated with a known group.

Associated Families

There are currently no families associated with this actor.

2020-04-07AhnLabCHA Minseok
Tweet on Operation Shadow Force
Operation Shadow Force
Shadow Force behind normal certificate reveals seven years
Operation Shadow Force

Credits: MISP Project