Ricochet Chollima
Ricochet Chollima (also known as APT 37, Reaper, and ScarCruft) is a North Korean state backed hacker group group that is believed to have created somtime before 2016 and is typically involved in operations against financial institutions to generate assets for North Korea. But also conducts attacks on the industrial sector in other countries. CrowdStrike has stated that the groups operations mainly target South Korean with a focus on government officials, non-governmental organizations, academics, journalists, and North Korean defectors. But also stated the group has also engaged in attacks aganist Japan, Vietnam, Hong Kong, the Middle East, Russia, and the United States.[1][2][3] FireEye has called the group "the overlooked North Korean threat actor."[4]
History[]
The group is believed to have been founded sometime around 2012, according to FireEye.[4]
In January 2021 the group was found to be using a Trojan horse for a spear-phishing campaign that targeted the South Korean government.[5][6]
See also[]
References[]
- ^ Meyers, Adam (2018-04-06). "STARDUST CHOLLIMA | Threat Actor Profile | CrowdStrike". Retrieved 2021-03-15.
- ^ Osborne, Charlie. "North Korean Reaper APT uses zero-day vulnerabilities to spy on governments". ZDNet. Retrieved 2021-03-15.
- ^ "Adversary: Ricochet Chollima - Threat Actor". Crowdstrike Adversary Universe. Retrieved 2022-02-04.
- ^ a b "APT37 (Reaper) The Overlooked North Korean Actor" (PDF). FireEye.
{{cite web}}: CS1 maint: url-status (link) - ^ "ALERT: North Korean hackers targeting South Korea with RokRat Trojan". The Hacker News. Retrieved 2021-03-15.
- ^ Team, Threat Intelligence (2021-01-06). "Retrohunting APT37: North Korean APT used VBA self decode technique to inject RokRat". Malwarebytes Labs. Retrieved 2021-03-15.
 | This North Korea-related article is a stub. You can help Wikipedia by . |
- North Korean advanced persistent threat groups
- Hacking in the 2010s
- Hacker groups
- Cyberattack gangs
- North Korea stubs