Verticals Targeted: Cryptocurrency
Regions Targeted: Not Specified
Related Families: None
NimDoor MacOS Malware
Jul 14, 2025 2:34:09 PM / by The Hivemind posted in Threat Bulletin, North Korea, Stealer, Infostealer, Cryptocurrency, social engineering, Stardust Chollima, NimDoor, AppleScript, MacOS malware, Web3, Nim, Zoom phishing
Famous Chollima’s PylangGhost
Jun 23, 2025 2:25:38 PM / by The Hivemind posted in Blockchain, Threat Bulletin, North Korea, India, Malware, Python, Cryptocurrency, RAT, PylangGhost, GolangGhost, Famous Chollima
Verticals Targeted: Cryptocurrency
Regions Targeted: India
Related Families: GolangGhost
Executive Summary
Famous Chollima, a North Korean-aligned threat actor, has deployed PylangGhost, a Python-based remote access trojan (RAT), targeting cryptocurrency and blockchain professionals in India. This malware, a variant of the GolangGhost RAT, facilitates credential theft and remote system control via sophisticated social engineering tactics.
Ricochet Chollima Using KoSpy Android Spyware
Mar 17, 2025 1:34:36 PM / by The Hivemind posted in Threat Bulletin, Espionage, North Korea, Android, Spyware, Ricochet Chollima, KoSpy, APT37
Executive Summary
KoSpy is a sophisticated Android spyware linked to North Korean threat actor Ricochet Chollima. It has been targeting Korean and English-speaking users since March 2022.
2024 Recap - North Korean Threat Actor Activity
Dec 13, 2024 2:20:52 PM / by The Hivemind posted in Threat Bulletin, North Korea, Asia, APAC, 2024, Recap
Executive Summary
This Threat Bulletin is part of PolySwarm’s 2024 Recap series. This report highlights the activity perpetrated by North Korea-based threat actors in 2024.
Silent Chollima Extortion Activity Targets US Entities
Oct 11, 2024 2:12:45 PM / by The Hivemind posted in Threat Bulletin, North Korea, Extortion, Silent Chollima, Andariel, APT 45, Stonefly, Onyx Sleet, Preft
Related Families: Preft
Labyrinth Chollima Using Poisoned Python Packages to Deliver PondRAT
Sep 30, 2024 1:49:09 PM / by The Hivemind posted in Threat Bulletin, North Korea, Linux, MacOS, PondRAT, PoolRAT, Labyrinth Chollima
Related Families: PondRAT, PoolRAT
Verticals Targeted: Software Development
Executive Summary
North Korea nexus threat actor group Labyrinth Chollima was observed using poisoned Python packages to deliver PondRAT, a backdoor that targets MacOS and Linux systems.
DevPopper Campaign Targets Software Developers
Aug 26, 2024 1:38:47 PM / by The Hivemind posted in Threat Bulletin, North Korea, RAT, DevPopper
Verticals Targeted: Software Development
Executive Summary
An ongoing social engineering campaign was observed targeting software developers. The threat actors use fake interviews to deliver a Python-based RAT, known as DevPopper.
Silent Chollima's Espionage Activity
Aug 2, 2024 2:15:57 PM / by The Hivemind posted in Threat Bulletin, Espionage, North Korea, Dtrack, Dora RAT, TigerRAT, Silent Chollima, SmallTiger
Related Families: Dtrack, Dora RAT, TigerRAT, SmallTiger, LightHand, ValidAlpha
Verticals Targeted: Military, Defense, Engineering, Technology, Education, Construction, Manufacturing, Gambling, Energy