Targeting of South Korean individuals and organizations with fake Itaewon disaster documents

Affiliations

APT 37

APT 37 was detected using a zero day in the Internet Explorer application as part of a phishing campaign against South Korean users. APT 37 also used a lure document purporting to analyze the stampede that occurred at Itaewon, a neighborhood in Seoul, on October 29, 2022, to entice users to open the phishing document.

Suspected victims

South Korean organizations and individuals

Suspected state sponsor

Korea (Democratic People's Republic of)

Type of incident

Espionage

Target category

Private sector
Civil society

Victim government reaction

Unknown

Policy response

Unknown

Suspected state sponsor response

Unknown

Internet Explorer 0-day exploited by North Korean actor APT37

Cyber Operations Tracker

CFR.org

Topics

Regions

Explainers

Research & Analysis

Communities

Events