Related Families: Preft
Related Families: PondRAT, PoolRAT
Verticals Targeted: Software Development
Executive Summary
North Korea nexus threat actor group Labyrinth Chollima was observed using poisoned Python packages to deliver PondRAT, a backdoor that targets MacOS and Linux systems.
Verticals Targeted: Software Development
Executive Summary
An ongoing social engineering campaign was observed targeting software developers. The threat actors use fake interviews to deliver a Python-based RAT, known as DevPopper.
Related Families: Dtrack, Dora RAT, TigerRAT, SmallTiger, LightHand, ValidAlpha
Verticals Targeted: Military, Defense, Engineering, Technology, Education, Construction, Manufacturing, Gambling, Energy
Executive Summary
Last week, the US Department of Justice (DOJ) indicted Rim Jong Hyok, an individual allegedly affiliated with Silent Chollima. The group has been active since at least 2014 and is known to conduct espionage operations on behalf of North Korea.
Related Families: SplitLoader, YouieLoad
Verticals Targeted: Education, Software, Information Technology, Defense, Aerospace
Executive Summary
Moonstone Sleet is a newly identified North Korea nexus threat actor group. The group leverages a combination of commonly used North Korean threat actor TTPs, along with their own unique attack methodologies.
Related Families: GoBear, Troll Stealer, BetaSeed, Endor
Verticals Targeted: Government
Executive Summary
North Korea nexus threat actor group Velvet Chollima was observed using a new Linux backdoor, dubbed Gomir, to target entities in South Korea.
Executive Summary
Several high-profile North Korea nexus threat actor groups have been active in 2023. Reported activities include but are not limited to supply chain attacks, targeting of cryptocurrency, and proliferation of MacOS malware. In this report, PolySwarm highlights cyber activity perpetrated by North Korea nexus threat actor groups in 2023.
Verticals Targeted: Financial
Executive Summary