
Operation WizardOpium


We are calling these attacks Operation WizardOpium. So far, we have been unable to establish a definitive link with any known threat actors. There are certain very weak code similarities with Lazarus attacks, although these could very well be a false flag. The profile of the targeted website is more in line with earlier DarkHotel attacks that have recently deployed similar false flag attacks.


Associated Families

There are currently no families associated with this actor.


References
2019-11-01 ⋅ Kaspersky Labs ⋅ AMR, GReAT
Chrome 0-day exploit CVE-2019-13720 used in Operation WizardOpium

Credits: MISP Project