Beware of Flash Player Zero-Day attacks distributed through Korean messengers, etc.

2018-02-02 ESTSecurity Beware of Flash Player Zero-Day attacks distributed through Korean messengers, etc.

http://blog.alyac.co.kr/1521

ESRC reported targeted attacks against people in South Korea working in North Korea-related fields, using social network phishing through a communication service and, in some cases, spear-phishing email attachments. Attackers impersonated or abused trusted profiles to deliver a malicious Excel file that hid an ActiveX control, which loaded an embedded binary containing Flash exploit code. The exploit attempted to contact a South Korean command-and-control URL at www.dylboiler.co.kr/admincenter/files/boad/4/manager.php after the document was opened. The report notes that the attackers had used previously little-known Flash Player zero-day techniques for months and recommends removing or patching Flash and treating unexpected files or URLs from unverified contacts with caution.

Indicators of Compromise

Type | Value | First Seen | Last Seen
URL | http://www.dylboiler.co.kr/admi… | 2018-02-02 | 2018-02-02
