2024-12-13
PolySwarm
2024 Recap - North Korean Threat Actor Activity
#MoonstoneSleet
#FamousChollima
#LabyrinthChollima
#RicochetChollima
#SilentChollima
#StardustChollima
#VelvetChollima
FamousChollima
"Formerly tracked by CrowdStrike Intelligence as the BadClone activity cluster, FAMOUS CHOLLIMA has been active since at least 2018. The adversary primarily conducts operations to illicitly obtain freelance or full-time equivalent (FTE) work to earn a salary that can be funneled to North Korea. The adversary has also deployed the custom malware families BeaverTail and InvisibleFerret as well as rem..."
- CrowdStrike, https://www.crowdstrike.com/adversaries/famous-chollima/
Also known as
Name | Named by | AKA | First seen | Last seen |
---|---|---|---|---|
FamousChollima | CrowdStrike | - | 2024-08-07 | 2024-12-13 |
NickelTapestry | SecureWorks | FamousChollima | 2024-10-16 | 2025-01-15 |
TenaciousPungsan | Datadog | FamousChollima | 2024-10-24 | 2024-10-24 |
UNC5267 | Mandiant | FamousChollima | 2024-09-23 | 2024-09-23 |