2024 Recap - North Korean Threat Actor Activity - Poly Swarm

2024 Recap - North Korean Threat Actor Activity

2024-12-13 • Poly Swarm •

https://blog.polyswarm.io/2024-recap-north-korean-threat-actor-activity

#SilentChollima #VelvetChollima #LabyrinthChollima #StardustChollima #RicochetChollima #MoonstoneSleet #FamousChollima

Thumbnail for 2024 Recap - North Korean Threat Actor Activity

Velvet Chollima, also known as Kimsuky, Thallium, APT43, Emerald Sleet, Springtail, and Black Banshee, is a North Korean threat actor group thought to be an offshoot of Lazarus Group. Stardust Chollima, also known as BlueNoroff, TA444, APT38, BlackAlicanto, Coperenicum, and Sapphire Sleet, is a North Korean threat actor group that is likely an offshoot of Lazarus Group. 2024 North Korea Nexus Threat Actor Activity Silent Chollima, also known as Stonefly, Andariel, Onyx Sleet, TDrop2, and DarkSeoul, is a North Korean threat actor group that is reportedly an offshoot of Lazarus Group. The group is known for financially motivated activity, including targeting banks, casinos, cryptocurrency exchanges, ATMs, and SWIFT endpoints.

Indicators of Compromise

Type	Value	First Seen	Last Seen
HASH	f59035192098e44b86c4648a0de4078…	2024-05-28	2025-02-16
HASH	3c8dbfcbb4fccbaf924f9a650a04cb4…	2024-09-09	2024-12-27
HASH	0b5db31e47b0dccfdec46e74c0e70c6…	2024-09-09	2024-12-27
HASH	5c907b722c53a5be256dc5f96b755bc…	2024-09-09	2024-12-27
HASH	bfd74b4a1b413fa785a49ca4a9c0594…	2024-09-09	2024-12-27
HASH	f3b0da965a4050ab00fce727bb31e0f…	2024-09-09	2024-12-27
HASH	96118268f9ab475860c3ae3edf00d9e…	2024-10-02	2024-12-13
HASH	e5d56cb7085ed8caf6c8269f4110265…	2024-10-02	2024-12-13
HASH	75448c81d54acb16dd8f5c14e3d4713…	2024-10-02	2024-12-13
HASH	fce7db964bef4b37f2f430c6ea99f43…	2024-10-02	2024-12-13
HASH	5633691b680b46b8bd791a656b0bb9f…	2024-10-02	2024-12-13
HASH	12bf9fe2a68acb56eb01ca97388a126…	2024-10-02	2024-12-13
HASH	f64dab23c50e3d131abcc1bdbb35ce9…	2024-10-02	2024-12-13
HASH	d71f478b1d5b8e489f5daafda99ad20…	2024-10-02	2024-12-13
HASH	ee7926b30c734b49f373b88b3f0d73a…	2024-10-02	2024-12-13
HASH	8daa6b20caf4bf384cc7912a73f243c…	2024-07-25	2024-12-13
HASH	fed94f461145681dc9347b382497a72…	2024-07-25	2024-12-13
HASH	1b88b939e5ec186b2d19aec8f17792d…	2024-07-25	2024-12-13
HASH	f1662bee722a4e25614ed30933b0ced…	2024-07-25	2024-12-13
HASH	7339cfa5a67f5a4261c18839ef971d7…	2024-07-25	2024-12-13
HASH	3098e6e7ae23b3b8637677da7bfc0ba…	2024-07-25	2024-12-13
HASH	29c6044d65af0073424ccc01abcb841…	2024-07-25	2024-12-13
HASH	cb97ec024c04150ad419d1af2d1eb66…	2024-05-28	2024-12-13
HASH	09d152aa2b6261e3b0a1d1c19fa8032…	2024-05-28	2024-12-13
HASH	9863173e0a45318f776e36b1a852938…	2024-05-28	2024-12-13
HASH	cafaa7bc3277711509dc0800ed53b82…	2024-05-28	2024-12-13
HASH	39d7407e76080ec5d838c8ebca5182f…	2024-05-28	2024-12-13
HASH	8e45daace21f135b54c515dbd5cf6e0…	2024-05-16	2024-12-13
HASH	7bd723b5e4f7b3c645ac04e763dfc91…	2024-05-16	2024-12-13
HASH	47d084e54d15d5d313f09f5b5fcdea0…	2024-05-16	2024-12-13
HASH	6f3e849ee0fe7a6453bd0408f0537fa…	2024-01-03	2024-12-13
HASH	0837dd54268c373069fc5c1628c6e3d…	2023-02-09	2024-12-13
HASH	f32f6b229913d68daad937cc72a57aa…	2021-12-22	2024-12-13
HASH	868a62feff8b46466e9d63b83135a79…	2021-12-22	2024-12-13

Related Actors

Famous Chollima

Crowd Strike

First seen: Aug 2024

Last seen: Jun 2026

Labyrinth Chollima

Crowd Strike

Lazarus

First seen: Feb 2018

Last seen: Jun 2026

Moonstone Sleet

Microsoft

Lazarus

First seen: May 2024

Last seen: Nov 2025

Ricochet Chollima

Crowd Strike

Scarcruft

First seen: Feb 2019

Last seen: Jan 2026

Silent Chollima

Crowd Strike

Andariel

First seen: Apr 2014

Last seen: Jan 2026

Stardust Chollima

Crowd Strike

Bluenoroff

First seen: Feb 2018

Last seen: Jun 2026

Velvet Chollima

Crowd Strike

Kimsuky

First seen: Feb 2019

Last seen: May 2026

Related Reports

2024-11-22 • 57% Match

Exploring CISA’s 2023 Top Routinely Exploited Vulnerabilities

Vulncheck

#Trend #SilentChollima #VelvetChollima #LabyrinthChollima

Shares tags: SilentChollima, VelvetChollima, LabyrinthChollima • Published within a month

2024-10-11 • 55% Match

Silent Chollima Extortion Activity Targets US Entities

Poly Swarm

#SilentChollima #Preft

Shares tag: SilentChollima • Shares 9 IOCs • Same author: Poly Swarm

2024-09-30 • 50% Match

Labyrinth Chollima Using Poisoned Python Packages to Deliver PondRAT

Poly Swarm

#LabyrinthChollima #PyPI #POOLRAT #PondRAT

Shares tag: LabyrinthChollima • Shares 5 IOCs • Same author: Poly Swarm

2019-02-19 • 48% Match

2019 Global Threat Report

Crowd Strike

#Trend #SilentChollima #VelvetChollima #LabyrinthChollima #StardustChollima #RicochetChollima

Shares tags: SilentChollima, VelvetChollima, LabyrinthChollima

2024-12-13 • 45% Match

Technical Case Study: Defend Against Insider Threats

Crowd Strike

#FamousChollima

Shares tag: FamousChollima • Published within a week

2024-11-22 • 45% Match

Dark Web Profile: Moonstone Sleet

SOCRadar

#MoonstoneSleet #T1005 #T1056.001 #T1204.002 #T1566.002 #T1071 #T1547.001 #T1059 #T1195 #T1003 #T1486 #T1049 #T1021.002 #T1087.002 #T1561 #T1210

Shares tag: MoonstoneSleet • Published within a month

« Back