2026-01-28
S3N4T0R
Ricochet Chollima APT Adversary Simulation
#LNK
#RicochetChollima
RicochetChollima
"RICOCHET CHOLLIMA is a Democratic Peoples’ Republic of Korea (DPRK) targeted intrusion adversary that has been involved in espionage operations since at least 2016. RICOCHET CHOLLIMA’s observed operations have almost exclusively targeted the Republic of Korea (RoK) and are assessed to be focused on RoK government officials, non-governmental organizations (NGOs), academics, journalists, and DPRK de..."
- CrowdStrike, https://www.crowdstrike.com/adversaries/ricochet-chollima/
Also known as
| Name | Named by | AKA | First seen | Last seen |
|---|---|---|---|---|
| APT-C-28 | Qihoo360 | ScarCruft | 2019-06-01 | 2026-02-06 |
| APT37 | Mandiant | ScarCruft | 2018-02-20 | 2026-05-10 |
| ChinopuNK | S2W | ScarCruft | 2025-08-07 | 2025-08-07 |
| DEV-0215 | Microsoft | ScarCruft | 2022-11-07 | 2022-11-07 |
| DogpuNK | S2W | ScarCruft | 2025-08-07 | 2025-08-07 |
| Group123 | CiscoTalos | ScarCruft | 2018-01-16 | 2025-05-14 |
| ITG10 | IBM | ScarCruft | 2021-10-23 | 2023-06-06 |
| InkySquid | Volexity | ScarCruft | 2021-08-17 | 2023-01-04 |
| NickelFoxcroft | SecureWorks | ScarCruft | - | 2024-10-08 |
| RedEyes | Ahnlab | ScarCruft | 2018-02-21 | 2024-05-07 |
| RicochetChollima | CrowdStrike | ScarCruft | 2019-02-19 | 2026-01-28 |
| ScarCruft | Kaspersky | - | 2016-06-17 | 2026-05-28 |
| SectorA02 | NSHC | ScarCruft | 2020-03-12 | 2025-04-16 |
| TEMP.Reaper | Mandiant | ScarCruft | 2018-02-03 | 2024-04-09 |
| puNK-006 | S2W | ScarCruft | 2025-08-07 | 2025-08-07 |
| 금성121 | ESTSecurity | ScarCruft | 2018-07-04 | 2023-09-19 |