The Double Life of SectorA05 Nesting in Agora Operation Kitty Phishing
released on 2019-01-30 @ 03:26:29 PM
In early January 2019, an email containing malware was distributed to 77 reporters covering topics related to the Unification Ministry of South Korea. We analysed these malware and identified them as malware used by SectorA05, and we confirm that they have been using a specific C2 server with a Korean domain name using Japanese IP address for at least 27 months continuously.