Ricochet Chollima (also known as APT 37, Reaper, and ScarCruft) is a North Korean state-backed hacker group that is believed to have been created sometime before 2016. It is typically involved in operations against financial institutions to generate assets for North Korea, but it also conducts attacks on the industrial sector in other countries. CrowdStrike has stated that the group mainly attacks a variety of South Korean organizations and individuals, including academics, journalists, and North Korean defectors, and that it has also engaged in attacks against Japan, Vietnam, Hong Kong, the Middle East, Russia, and the United States.[1][2][3] FireEye has called the group "the overlooked North Korean threat actor."[4]
History
The group is believed to have been founded sometime around 2012, according to FireEye.[4]
In January 2021 the group was found to be using a Trojan horse for a spear-phishing campaign that targeted the South Korean government.[5][6]
NPO Mashinostroyeniya, a Russian ballistic missile manufacturer, was allegedly hacked by the group in 2023, as discovered by SentinelOne.[7][8]
References
1. Meyers, Adam (6 April 2018). "STARDUST CHOLLIMA | Threat Actor Profile | CrowdStrike". Retrieved 15 March 2021.
2. Osborne, Charlie. "North Korean Reaper APT uses zero-day vulnerabilities to spy on governments". ZDNet. Retrieved 15 March 2021.
3. "Adversary: Ricochet Chollima - Threat Actor". Crowdstrike Adversary Universe. Retrieved 4 February 2022.
4. "APT37 (Reaper) The Overlooked North Korean Actor" (PDF). FireEye. Archived from the original (PDF) on 17 April 2021. Retrieved 15 March 2021.
5. "ALERT: North Korean hackers targeting South Korea with RokRat Trojan". The Hacker News. Retrieved 15 March 2021.
6. Team, Threat Intelligence (6 January 2021). "Retrohunting APT37: North Korean APT used VBA self decode technique to inject RokRat". Malwarebytes Labs. Retrieved 15 March 2021.
7. Reuters (7 August 2023). "North Korean cyber group hacked top Russian missile makers". Jerusalem Post website. Retrieved 7 August 2023.
8. SentinelOne (7 August 2023). "Comrades in Arms? | North Korea Compromises Sanctioned Russian Missile Engineering Company". Retrieved 7 August 2023.