ETDA ThaiCERT
Report
Search
Home > List all groups > Honeybee

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link APT group: Honeybee

NamesHoneybee (McAfee)
Country[Unknown]
MotivationInformation theft and espionage
First seen2017
Description(McAfee) McAfee Advanced Threat Research analysts have discovered a new operation targeting humanitarian aid organizations and using North Korean political topics as bait to lure victims into opening malicious Microsoft Word documents. Our analysts have named this Operation Honeybee, based on the names of the malicious documents used in the attacks.

Advanced Threat Research analysts have also discovered malicious documents authored by the same actor that indicate a tactical shift. These documents do not contain the typical lures by this actor, instead using Word compatibility messages to entice victims into opening them.

The Advanced Threat Research team also observed a heavy concentration of the implant in Vietnam from January 15–17.
ObservedSectors: Those involved in humanitarian aid and inter-Korean affairs.
Countries: Argentina, Canada, Indonesia, Japan, Singapore, South Korea, Vietnam.
Tools usedSyscon, Living off the Land.
Information<https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/mcafee-uncovers-operation-honeybee-malicious-document-campaign-targeting-humanitarian-aid-groups/>
MITRE ATT&CK<https://attack.mitre.org/groups/G0072/>

Last change to this card: 22 April 2020

Download this actor card in PDF or JSON format

Previous: Hidden Lynx, Aurora Panda
Next: Hurricane Panda

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1234
E-mail report@thaicert.or.th
PGP Download PGP key