Campaign · all campaigns
Operation HoneybeeC0006 unknown
aka Operation Honeybee
Last updated: 2026-07-03
About this actor
[Operation Honeybee](https://attack.mitre.org/campaigns/C0006) was a campaign that targeted humanitarian aid and inter-Korean affairs organizations from at least late 2017 through early 2018. [Operation Honeybee](https://attack.mitre.org/campaigns/C0006) initially targeted South Korea, but expanded to include Vietnam, Singapore, Japan, Indonesia, Argentina, and Canada. Security researchers assessed the threat actors were likely Korean speakers based on metadata used in both lure documents and executables, and named the campaign "Honeybee" after the author name discovered in malicious Word documents.(Citation: McAfee Honeybee)
Source: MITRE ATT&CK
Activity timeline
No activity events recorded.
Profile
| CVE | Risk | CVSS | EPSS | Published | Products |
|---|---|---|---|---|---|
| No attributed CVEs. | |||||
Mitigating controls (NIST 800-53)
| Control | Techniques covered | Coverage |
|---|---|---|
SI-4 | 24 / 43 | 56% |
CM-2 | 23 / 43 | 53% |
SI-3 | 23 / 43 | 53% |
CM-6 | 20 / 43 | 47% |
AC-6 | 19 / 43 | 44% |
CM-7 | 18 / 43 | 42% |
AC-3 | 17 / 43 | 40% |
AC-2 | 16 / 43 | 37% |
CA-7 | 16 / 43 | 37% |
SI-7 | 16 / 43 | 37% |
CM-5 | 10 / 43 | 23% |
AC-5 | 9 / 43 | 21% |
SI-10 | 9 / 43 | 21% |
SI-2 | 9 / 43 | 21% |
IA-2 | 8 / 43 | 19% |
Co-occurring actors
None.
Similar actors
Similar TTPs
- APT41 DUST 0.31
- APT38 0.30
- menuPass 0.30
- Patchwork 0.29
- WIRTE 0.29