FSI_Threat_Intelligence_Report_-_Campaign_RIFLE.pdf (26 MB)

Financial Security Institute profiled the Rifle campaign as a series of linked intrusions and malware cases targeting South Korea. The excerpt says FSI tracked multiple incidents over several years and assessed them as activity by the same attacker, publishing both a full CTI report and an executive summary. The material also references malicious-code profiling involving Hangul document files, indicating document-based malware was part of the analyzed tradecraft. The archive is relevant because it preserves an early Korean-language profile of Andariel/Rifle activity against domestic targets.