Operation GoldenAxe

2017-05-15 Issuemakers Lab

http://taylor-blog.issuemakerslab.com/2018/07/operation-goldenaxe.html


Operation GoldenAxe describes suspected North Korean activity from June 2016 to May 2017 that compromised more than ten South Korean organization websites tied to diplomacy, aviation, North Korea affairs, unification, parliament, labor, and finance. The attackers used the compromised association and institutional websites as watering-hole distribution points, exploiting zero-day vulnerabilities in widely deployed South Korean ActiveX programs used for payments, authentication, encryption, reporting, webmail, and groupware. The distributed malware enabled remote control, information theft, and delivery of additional payloads; the report notes that its encryption logic, protocol elements, and C2 command system overlapped with malware previously attributed by South Korean police and prosecutors to North Korea. The report also links the activity to earlier South Korean ATM hacking suspicions and to the March 20, 2013 attacks on broadcasters and financial institutions, highlighting ActiveX software as a recurring weakness in North Korea-linked intrusion chains against South Korean targets.

Indicators of Compromise

Type    Value                      First Seen   Last Seen
URL     http://www.ksas.or.kr      2017-05-15   2017-05-15
URL     http://www.wblu.or.kr      2017-05-15   2017-05-15
URL     http://www.rokps.or.kr     2017-05-15   2017-05-15
URL     http://www.tongiledu.org   2017-05-15   2017-05-15
URL     http://kuprp.nodong.net    2017-05-15   2017-05-15
URL     http://www.tongzun.co.kr   2017-05-15   2017-05-15
URL     http://www.nksis.com       2017-05-15   2017-05-15
DOMAIN  kuprp.nodong.net           2017-05-15   2017-05-15
