Who is Operation WizardOpium?

Operation WizardOpium is a threat actor attributed to KP. This group is tracked in the Strobes VI threat intelligence database.

What vulnerabilities does Operation WizardOpium exploit?

Operation WizardOpium is known to exploit 2 CVEs. View the full list on the Strobes VI threat actor profile page.

Agentic AI · Pentesting

Ready for Agentic Automated Testing?

Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.

Zero false positives

PoC for every finding

30+ tools orchestrated

Book a Demo Learn More

Setup in 5 minutesSOC 2 & ISO 27001

Operation WizardOpium

KPInformation theft and espionage

Exploited CVEs

Overview

We are calling these attacks Operation WizardOpium. So far, we have been unable to establish a definitive link with any known threat actors. There are certain very weak code similarities with Lazarus attacks, although these could very well be a false flag. The profile of the targeted website is more in line with earlier DarkHotel attacks that have recently deployed similar false flag attacks.

Exploited Vulnerabilities

CVE ID	Action
CVE-2019-1458	View Details