Researchers warn that U.S. firms are being targeted with legitimate – but trojanized – documents that are often socially engineered to a tee.

Researchers have uncovered an ongoing, sophisticated malware campaign aiming at U.S.-based targets with an interest in nuclear deterrence, North Korea’s nuclear submarine program and North Korean economic sanctions.

The campaign, which researchers from Prevailion call “Autumn Aperture” and link with moderate confidence to the North Korea-based Kimsuky threat actors, sends victims trojanized documents via spear-phishing emails.