Associated with: Konni
First seen: 2021-10 •
Last seen: 2022-11
Actors
238 actors
First seen: 2024-06 •
Last seen: 2024-06
First seen: 2024-06 •
Last seen: 2024-06
Associated with: UNC4899
First seen: 2024-06 •
Last seen: 2025-11
Associated with: Kimsuky
First seen: 2026-03 •
Last seen: 2026-03
Associated with: Lawrencium
First seen: 2023-04 •
Last seen: 2023-04
Associated with: Kimsuky
First seen: 2021-09 •
Last seen: 2021-09
Associated with: Andariel
First seen: 2022-07 •
Last seen: 2022-11
Associated with: Contagious Interview
First seen: 2026-03 •
Last seen: 2026-06
The campaign appears to be a continuation of Lazarus activity dubbed Operation Dream Job, which was first observed in August 2020. Symantec tracks this sub-set of Lazarus activity under the name Pompilus.
Associated with: Diamond Sleet
First seen: 2022-04 •
Last seen: 2022-04
In February 2019, PRESSURE CHOLLIMA emerged as a distinct LABYRINTH CHOLLIMA operational subgroup; the adversary now represents one of the most technically advanced Democratic People’s Republic of Korea (DPRK)–nexus adversaries. PRESSURE CHOLLIMA specializes in high-risk, high-reward cryptocurrency theft operations, deploying highly sophisticated, low-prevalence malware such as SparkDownloader
Associated with: Jade Sleet
First seen: 2026-01 •
Last seen: 2026-05
First seen: 2024-08 •
Last seen: 2024-08
Associated with: Famous Chollima
First seen: 2025-02 •
Last seen: 2026-01
Associated with: Bluenoroff
First seen: 2026-03 •
Last seen: 2026-03