H0lyGh0st Ransomware - DPRK Threat Intelligence | lazarus.day

H0lyGh0st Ransomware

#H0lyGh0st • 2022-07

🇺🇸 United States

#FinancialGain

DEV-0530, a North Korea-origin ransomware cluster with suspected overlap with PLUTONIUM/Andariel tooling and infrastructure, used H0lyGh0st ransomware against small and midsize businesses from at least September 2021. The campaign encrypted Windows systems with SiennaPurple and SiennaBlue variants, used the .h0lyenc extension, demanded Bitcoin payments, and applied double-extortion pressure by threatening to publish or share victim data.

8

Related Reports
1

Affected Countries
47

Months Since

Related Actors

DEV-0530

Microsoft

North Korean threat actor targets small and midsi…

Associated with: Plutonium

First seen: 2022-07 • Last seen: 2022-11

Related Reports

2024-03-17

Cyberpoking

H0lyGh0st (SiennaPurple) Ransomware

#H0lyGh0st #YARA

2023-03-07

UN

S/2023/171 Final report of the Panel of Experts

#Trend #Sanctions #Maui #H0lyGh0st #Harmony #AxieInfinity

2023-02-10

KRNCSC

랜섬웨어 공격을 통한 북한의 금전 탈취 수법

#Ransomware #Maui #H0lyGh0st

2023-02-10

Ahnlab

북한 랜섬웨어 한미 합동 사이버보안 권고 관련 안랩 대응 현황

#Ransomware #Maui #H0lyGh0st

2023-02-09

USCISA

Ransomware Attacks on Critical Infrastructure Fund DPRK Malicious Cyber Activities

#Ransomware #Maui #H0lyGh0st #T1083 #T1583.003 #T1195 #T1486 #T1133 #T1190 #T1583 #T1021

2022-08-30

Avertium

NORTH KOREA IS THE THREAT

#Ransomware #H0lyGh0st

2022-08-05

Somansa

H0lyGh0st 랜섬웨어

#Andariel #Ransomware #H0lyGh0st

2022-07-14

Microsoft

North Korean threat actor targets small and midsize businesses with H0lyGh0st ransomware

#Ransomware #H0lyGh0st #DEV-0530 #Plutonium #OnyxSleet