Everyday is lazarus.dayβ


2019-02-19, CrowdStrike
"RICOCHET CHOLLIMA is a Democratic Peoples’ Republic of Korea (DPRK) targeted intrusion adversary that has been involved in espionage operations since at least 2016. RICOCHET CHOLLIMA’s observed operations have almost exclusively targeted the Republic of Korea (RoK) and are assessed to be focused on RoK government officials, non-governmental organizations (NGOs), academics, journalists, and DPRK de..."

- CrowdStrike,

Also known as

Name Named by AKA First seen Last seen
APT-C-28 Qihoo360 ScarCruft 2019-06-01 2024-04-23
APT37 Mandiant ScarCruft 2018-02-20 2024-06-06
Group123 CiscoTalos ScarCruft 2018-01-16 2023-07-11
ITG10 IBM ScarCruft 2021-10-23 2023-06-06
InkySquid Volexity ScarCruft 2021-08-17 2023-01-04
NickelFoxcroft SecureWorks ScarCruft - -
RedEyes Ahnlab ScarCruft 2018-02-21 2024-05-07
RicochetChollima CrowdStrike ScarCruft 2019-02-19 2019-02-19
ScarCruft Kaspersky - 2016-06-17 2024-06-19
TEMP.Reaper Mandiant ScarCruft 2018-02-03 2024-04-09
금성121 ESTSecurity ScarCruft 2018-07-04 2023-09-19