--- title: "North Korea Attacks United States…with Spear Phishing | DuoCircle" description: "The wars of the future won’t be fought with bombs and planes they’ll be fought with 1s and 0s. And while the U.S." image: "https://www.duocircle.com/images/og-default.png" canonical: "https://www.duocircle.com/blog/phishing-protection/north-korea-attacks-united-stateswith-spear-phishing/" --- Quick Answer Prevailion researchers tracked an ongoing North Korea-linked spear-phishing campaign called Autumn Aperture targeting US firms involved with nuclear deterrence, North Korea's nuclear submarine program, and economic sanctions. Victims receive booby-trapped, legitimate-looking documents the recipient was likely expecting. Newer features include host enumeration, password-protecting attached documents to slow inspection, and Windows Management Instrumentation (WMI) checks that compare running processes and services against a list of known antivirus products to decide whether to fetch the next-stage payload. The takeaway: organizations holding sensitive intellectual property need real-time link click protection at the email layer, because user inspection won't catch this level of targeting. Share [ ](https://www.linkedin.com/sharing/share-offsite/?url=undefined%2Fblog%2Fphishing-protection%2Fnorth-korea-attacks-united-stateswith-spear-phishing%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=North%20Korea%20Attacks%20United%20States%E2%80%A6with%20Spear%20Phishing&url=undefined%2Fblog%2Fphishing-protection%2Fnorth-korea-attacks-united-stateswith-spear-phishing%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=undefined%2Fblog%2Fphishing-protection%2Fnorth-korea-attacks-united-stateswith-spear-phishing%2F "Share on Facebook") [ ](https://reddit.com/submit?url=undefined%2Fblog%2Fphishing-protection%2Fnorth-korea-attacks-united-stateswith-spear-phishing%2F&title=North%20Korea%20Attacks%20United%20States%E2%80%A6with%20Spear%20Phishing "Share on Reddit") [ ](mailto:?subject=North%20Korea%20Attacks%20United%20States%E2%80%A6with%20Spear%20Phishing&body=Check out this article: undefined%2Fblog%2Fphishing-protection%2Fnorth-korea-attacks-united-stateswith-spear-phishing%2F "Share via Email") ![Spear Phishing](https://media.mailhop.org/duocircle/images/2019/09/email-sending-services-5611.jpg) _The wars of the future won’t be fought with bombs and planes they’ll be fought with 1s and 0s_. And while the U.S. is worried about North Korea getting nuclear weapons, it should be more worried about their cyberattacks. The [latest salvo from North Korea](https://threatpost.com/north-korean-spear-phishing-attack-us/148299/) is a **spear-phishing attack** targeting U.S. firms “with an interest in nuclear deterrence, North Korea’s nuclear submarine program and North Korean economic sanctions.” Apparently _this is an ongoing malware campaign aimed at U.S. companies_. “The campaign, which researchers from Prevailion call ‘**Autumn Aperture**‘ sends victims trojanized documents via spear-phishing emails. The campaign is highly sophisticated, using legitimate documents that the targets were likely expecting, which have been booby-trapped.” If North Korea does gain nuclear secrets, you can be sure it’s due, at least in part, to its ability to steal secrets using spear phishing attacks. And according to the report, the latest **spear phishing emails** are pretty advanced. For example, “One newly added feature would enumerate the host machine and experiment with password-protecting certain documents. Autumn Aperture also added a new feature called Windows Management Instrumentation (WMI), the infrastructure for management data and operations on Windows-based operating systems, to determine if it was safe to obtain the next payload on the host machine. It did this by obtaining a list of running processes and services from WMI, then comparing that output to a list of known antivirus products.” [![cloud-based email security ](https://media.mailhop.org/duocircle/images/2019/09/email-smtp-service-4811.jpg)](https://media.mailhop.org/duocircle/images/2019/09/email-smtp-service-4811.jpg) Deploying [cloud-based email security](/email/phishing-protection) with real-time link click protection is important for all companies, but it’s especially important for companies with **nuclear secrets**. _The only way to combat these advanced phishing tactics is with technology that’s prepared to sniff it out_. Whether you work for an organization with nuclear secrets or not, you should strongly consider protecting your employees with technology like that with [Advanced Threat Defense](/advanced-threat-defense). It protects employees from malicious emails 24/7 on any device. ![Brad Slavin](https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg) Brad Slavin General Manager General Manager at DuoCircle. Product strategy and commercial lead across the email security portfolio. ## Secure your email infrastructure Protect, authenticate, and deliver. Contact our team to find the right solution. [Contact Sales](/contact/) [Explore Products](/products/) ## Related Articles [ Phishing 11m AI-Generated Phishing Has Eliminated the Typo: Why Traditional Email Filters Are No Longer Enough Apr 28, 2026 ](/blog/ai-generated-phishing-eliminates-typos-making-traditional-email-filters-ineffective/)[ Phishing 5m 10 Applications of ChatGPT that Hackers Are Already Exploiting May 3, 2023 ](/blog/phishing-protection/10-applications-of-chatgpt-that-hackers-are-already-exploiting/)[ Phishing 4m 65% of Global Businesses Ill-Equipped to Defend Against Email-Based Cyber-Attacks Mar 29, 2016 ](/blog/phishing-protection/65-global-businesses-ill-equipped-defend-email-based-cyber-attacks/)[ Phishing 9m 7 Ways to Protect Your Organization from Email-based Ransomware Attacks Feb 11, 2018 ](/blog/phishing-protection/7-ways-protect-organization-email-based-ransomware-attacks/) ```json {"@context":"https://schema.org","@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}],"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://www.g2.com/products/phish-protection-by-duocircle/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://support.duocircle.com"},"knowsAbout":["Email Security","Email Authentication","SPF","DKIM","DMARC","Phishing Protection","Spam Filtering","SMTP Relay","Email Deliverability","Email Forwarding"]} ``` ```json {"@context":"https://schema.org","@type":"WebSite","name":"DuoCircle LLC","url":"https://www.duocircle.com","description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}} ``` ```json [{"@context":"https://schema.org","@type":"BlogPosting","headline":"North Korea Attacks United States…with Spear Phishing","description":"The wars of the future won’t be fought with bombs and planes they’ll be fought with 1s and 0s. And while the U.S.","url":"https://www.duocircle.com/blog/phishing-protection/north-korea-attacks-united-stateswith-spear-phishing/","datePublished":"2019-09-17T15:33:59.000Z","dateModified":"2025-06-06T17:05:42.000Z","dateCreated":"2019-09-17T15:33:59.000Z","author":{"@type":"Person","@id":"https://www.duocircle.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://www.duocircle.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin runs DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. His focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://www.duocircle.com/blog/phishing-protection/north-korea-attacks-united-stateswith-spear-phishing/"},"articleSection":"phishing-protection","keywords":"","wordCount":312,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/duocircle/images/2019/09/email-sending-services-5611.jpg","caption":"Spear Phishing","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}},{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https://www.duocircle.com/blog/"},{"@type":"ListItem","position":2,"name":"Phishing"},{"@type":"ListItem","position":3,"name":"North Korea Attacks United States…with Spear Phishing","item":"https://www.duocircle.com/blog/phishing-protection/north-korea-attacks-united-stateswith-spear-phishing/"}]}] ``` ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://www.duocircle.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://www.duocircle.com/blog/"},{"@type":"ListItem","position":3,"name":"Phishing","item":"https://www.duocircle.comundefined"},{"@type":"ListItem","position":4,"name":"North Korea Attacks United States…with Spear Phishing","item":"https://www.duocircle.com/blog/phishing-protection/north-korea-attacks-united-stateswith-spear-phishing/"}]} ``` ```json {"@context":"https://schema.org","@type":"BlogPosting","headline":"North Korea Attacks United States…with Spear Phishing","description":"The wars of the future won’t be fought with bombs and planes they’ll be fought with 1s and 0s. And while the U.S.","url":"https://www.duocircle.com/blog/phishing-protection/north-korea-attacks-united-stateswith-spear-phishing/","datePublished":"2019-09-17T15:33:59.000Z","dateModified":"2025-06-06T17:05:42.000Z","dateCreated":"2019-09-17T15:33:59.000Z","author":{"@type":"Person","@id":"https://www.duocircle.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://www.duocircle.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin runs DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. His focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://www.duocircle.com/blog/phishing-protection/north-korea-attacks-united-stateswith-spear-phishing/"},"articleSection":"phishing-protection","keywords":"","wordCount":312,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/duocircle/images/2019/09/email-sending-services-5611.jpg","caption":"Spear Phishing","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}} ```