Security researchers from McAfee’s Advanced Threat Research team have discovered a new cybersecurity operation dubbed “Operation Honeybee” that targets humanitarian aid organizations.
Attackers in the campaign use North Korean political topics to trick victims into opening malicious Microsoft Word documents that also have the name Honeybee in them.
The analysts said the actors also use a different lure technique, relying on Word compatibility messages to entice victims into opening the malicious documents.
The Advanced Threat Research team also noted a heavy concentration of the malware in Vietnam earlier this year. On January 15, the team discovered an operation using a new variant of the SYSCON backdoor, previously spotted by Trend Micro in October 2017. A Korean-language Word document named “manual.doc” was discovered in Vietnam on January 17, with the original author also named Honeybee.
The McAfee security team provided a timeline and detailed analysis of the Honeybee campaign, which spanned August 20, 2017 through February 3, 2018.