2023 Recap - Threat Actor Activity Highlights - North Korea
Executive Summary
Several high-profile North Korea nexus threat actor groups have been active in 2023. Reported activities include, but are not limited to, supply chain attacks, targeting of cryptocurrency, and proliferation of macOS malware. In this report, PolySwarm highlights cyber activity perpetrated by North Korea nexus threat actor groups in 2023.
IOCs
4f6690b82ca4b1f5735386729c4a04161e2cda9443cab700279eb583d9d21f70 PolyScore 0.97 TM
C7f4aa77be7f7afe9d0665d3e705dbf7794bc479bb9c44488c7bf4169f8d14fe PolyScore 0.95 TM
Key Takeaways
- Several high-profile North Korea nexus threat actor groups have been active in 2023.
- Some of their reported activities include supply chain attacks, targeting of cryptocurrency, and proliferation of macOS malware.
- High-profile North Korean threat actors active in 2023 include Labyrinth Chollima, Stardust Chollima, Ricochet Chollima, Velvet Chollima, and Silent Chollima.
- Samples of a newer variant of RustBucket, which targets macOS systems, are featured in the IOCs section.
2023 Activity Highlights
Labyrinth Chollima
Labyrinth Chollima, also known as Hidden Cobra, Diamond Sleet, APT38, and Lazarus Group, is a state-sponsored threat actor group likely affiliated with Bureau 121 …
IoC
4f6690b82ca4b1f5735386729c4a04161e2cda9443cab700279eb583d9d21f70
C7f4aa77be7f7afe9d0665d3e705dbf7794bc479bb9c44488c7bf4169f8d14fe
C9a7b42c7b29ca948160f95f017e9e9ae781f3b981ecf6edbac943e52c63ffc8