Silent Chollima

Also known as: OperationTroy · Guardian of Peace · GOP · WHOis Team · Andariel · Subgroup: Andariel · Onyx Sleet · PLUTONIUM · Silent Chollima

Origin: KP
Known aliases: 9
Attribution confidence: 50

Profile

Andariel is a threat actor that primarily targets South Korean corporations and institutions. It is believed to collaborate with, or operate as a subsidiary organization of, the Lazarus threat group. WHOis Team uses spear phishing, watering hole attacks, and supply chain attacks for initial access. The group has been known to exploit vulnerabilities and to use malware such as Infostealer and TigerRAT.


MITRE ATT&CK Group crosswalk: G0138

References

  1. https://docs.huihoo.com/rsaconference/usa-2014/anf-t07b-the-art-of-attribution-identifying-and-pursuing-your-cyber-adversaries-final.pdf
  2. https://www.microsoft.com/en-us/security/blog/2023/10/18/multiple-north-korean-threat-actors-exploiting-the-teamcity-cve-2023-42793-vulnerability/

Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.