Cyber Resilience

Campaign · all campaigns

Operation HoneybeeC0006 unknown

aka Operation Honeybee

Last updated: 2026-07-03

0attributed CVEs
43ATT&CK techniques
0.0IDF score (tooling uniqueness)
0exclusive CVEs
years active

About this actor

[Operation Honeybee](https://attack.mitre.org/campaigns/C0006) was a campaign that targeted humanitarian aid and inter-Korean affairs organizations from at least late 2017 through early 2018. [Operation Honeybee](https://attack.mitre.org/campaigns/C0006) initially targeted South Korea, but expanded to include Vietnam, Singapore, Japan, Indonesia, Argentina, and Canada. Security researchers assessed the threat actors were likely Korean speakers based on metadata used in both lure documents and executables, and named the campaign "Honeybee" after the author name discovered in malicious Word documents.(Citation: McAfee Honeybee)

Source: MITRE ATT&CK

Activity timeline

No activity events recorded.

Profile

CVERiskCVSSEPSSPublishedProducts
No attributed CVEs.

Mitigating controls (NIST 800-53)

ControlTechniques coveredCoverage
SI-424 / 4356%
CM-223 / 4353%
SI-323 / 4353%
CM-620 / 4347%
AC-619 / 4344%
CM-718 / 4342%
AC-317 / 4340%
AC-216 / 4337%
CA-716 / 4337%
SI-716 / 4337%
CM-510 / 4323%
AC-59 / 4321%
SI-109 / 4321%
SI-29 / 4321%
IA-28 / 4319%

Co-occurring actors

None.

Similar actors

Similar TTPs