The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

Labyrinth Chollima Expands Activity, Spawns Offshoots

Feb 6, 2026 12:15:57 PM / by The Hivemind posted in Threat Bulletin, Labyrinth Chollima, Golden Chollima, Pressure Chollima, North Korea Cryptocurrency Theft, Fudmodule Malware, DPRK Cyber Threats, Hoplight Lineage

Verticals Targeted: Cryptocurrency, Financial, Industrial, Manufacturing, Defense, Aerospace, Logistics, Shipping
Regions Targeted: United States, Canada, South Korea, India, Europe, Japan, Italy
Related Families: Multiple families per threat actor

Executive Summary

Labyrinth Chollima operations have segmented into three distinct entities since 2018: Golden Chollima and Pressure Chollima, focused on cryptocurrency theft, and the core Labyrinth Chollima group, oriented toward espionage. Despite operational separation, the groups share tools, infrastructure, and tradecraft rooted in common malware frameworks, reflecting coordinated resource management within North Korea's cyber apparatus.
