2026-05-14
CrowdStrike
CrowdStrike 2026 Financial Services Threat Landscape Report
#FamousChollima
#GoldenChollima
#PressureChollima
#StardustChollima
GoldenChollima
Active since at least 2018, GOLDEN CHOLLIMA emerged from the historical LABYRINTH CHOLLIMA group, likely as the result of organizational restructuring to focus on currency generation. The adversary primarily focuses on cryptocurrency theft operations targeting the global financial technology (fintech) sector, employing malware disguised as legitimate cryptocurrency trading applications.
Also known as
| Name | Named by | AKA | First seen | Last seen |
|---|---|---|---|---|
| AppleJeus | Kaspersky | CitrineSleet | 2018-08-23 | 2026-05-12 |
| CitrineSleet | Microsoft | Lazarus | 2023-10-06 | 2025-03-27 |
| GleamingPisces | PaloaltoNetworks | CitrineSleet | 2024-09-09 | 2024-09-18 |
| GoldenChollima | CrowdStrike | CitrineSleet | 2026-01-29 | 2026-05-14 |
| UNC1720 | Mandiant | CitrineSleet | 2023-10-10 | 2025-08-03 |
| UNC4736 | Mandiant | CitrineSleet | 2023-04-11 | 2026-04-05 |