Everyday is lazarus.dayβ


"NICKEL GLADSTONE is a subgroup of NICKEL ACADEMY that CTU researchers assess with high confidence focuses on acquisitive financial crime, targeting financial institutions and conducting online criminal activities for financial gain. This focus on finance expands NICKEL GLADSTONE’s geographic scope beyond other North Korean groups, to include organizations in North and South America, Europe, Africa, and Asia. The group appears particularly interested in targeting companies operating in countries that have weaker financial regulatory regimes."

- SecureWorks,

Also known as

Name Named by AKA First seen Last seen
APT38 Mandiant BlueNoroff 2018-10-03 2023-10-10
BeagleBoyz USCISA BlueNoroff 2020-08-26 2020-08-26
BlackDev2 PWC BlueNoroff 2021-09-08 2023-04-12
BlueNoroff Kaspersky - 2017-04-03 2024-01-04
CTG-6459 SecureWorks NickelGladstone - -
CryptoCore Clearskysec BlueNoroff 2020-06-24 2021-05-24
NickelGladstone SecureWorks BlueNoroff - -
REF9135 Elastic BlueNoroff 2023-06-29 2023-06-29
RedCarpet KRCERT BlueNoroff - -
StardustChollima CrowdStrike BlueNoroff 2018-02-26 2019-02-19
T-APT-15 Tencent BlueNoroff 2018-03-07 2018-03-07
TAG-71 Recordedfuture BlueNoroff 2023-06-06 2024-01-10
TEMP.Hermit Fireeye BlueNoroff 2017-09-13 2023-10-10
TraderTraitor USCISA BlueNoroff 2022-04-18 2023-08-22