2024-10-08
SecureWorks
2024 State of the Threat Report
#NickelAcademy
#NickelFoxcroft
#NickelHyatt
#NickelJuniper
#NickelKimball
#Trend
NickelHyatt
"NICKEL HYATT is a subgroup of NICKEL ACADEMY that has operated on behalf of the North Korean government since at least 2009. Its targeting has included financial institutions, defense contractors, government agencies, academic think tanks, cybersecurity vendors, and North Korean refugee support organizations. The group originally appeared to focus on South Korea but has expanded to other countries such as Japan, the U.S., and India. NICKEL HYATT has engaged in espionage, destructive attacks, and financial crime."
- SecureWorks, https://www.secureworks.com/research/threat-profiles/nickel-hyatt
Also known as
Name | Named by | AKA | First seen | Last seen |
---|---|---|---|---|
APT45 | Mandiant | Andariel | 2024-07-26 | 2024-10-31 |
Andariel | FSI | - | 2017-07-27 | 2025-01-24 |
Clasiopa | Symantec | Andariel | 2023-02-23 | 2023-02-23 |
G0138 | MITRE | Andariel | 2021-09-29 | 2021-09-29 |
Hive0079 | IBM | Andariel | - | - |
JumpyPisces | PaloaltoNetworks | Andariel | 2024-06-28 | 2024-10-30 |
NickelHyatt | SecureWorks | Andariel | - | 2024-10-08 |
Plutonium | Microsoft | Andariel | 2022-11-07 | 2022-11-07 |
RedLight | KRCERT | Andariel | - | - |
SectorA04 | NSHC | Andariel | 2020-03-12 | 2025-02-11 |
SilentChollima | CrowdStrike | Andariel | 2014-04-21 | 2024-12-13 |
Stonefly | Symantec | Andariel | 2022-04-27 | 2024-10-02 |
TA430 | Proofpoint | Andariel | 2024-01-01 | 2024-01-01 |
UNC4131 | Mandiant | Andariel | 2023-04-18 | 2023-04-18 |
UNC4369 | Mandiant | Andariel | 2023-04-18 | 2023-04-18 |
UNC614 | Mandiant | Andariel | 2023-02-16 | 2023-10-10 |