lazarusholic


2024 Recap - North Korean Threat Actor Activity

2024-12-13, PolySwarm
https://blog.polyswarm.io/2024-recap-north-korean-threat-actor-activity
#MoonstoneSleet #FamousChollima #LabyrinthChollima #RicochetChollima #SilentChollima #StardustChollima #VelvetChollima

Contents

Executive Summary
This Threat Bulletin is part of PolySwarm’s 2024 Recap series. This report highlights the activity perpetrated by North Korea-based threat actors in 2024.
Key Takeaways
- This report highlights the activity perpetrated by North Korea-based threat actors in 2024.
- Threat actors featured in this report include Silent Chollima, Labyrinth Chollima, Velvet Chollima, Stardust Chollima, Ricochet Chollima, Famous Chollima, and Moonstone Sleet.
- PolySwarm tracked malware associated with multiple North Korea nexus threat actors in 2024.
2024 North Korea Nexus Threat Actor Activity
Silent Chollima
Silent Chollima, also known as Stonefly, Andariel, Onyx Sleet, TDrop2, and DarkSeoul, is a North Korean threat actor group that is reportedly an offshoot of Lazarus Group. The group has been active since at least 2009 and is known to conduct espionage operations on behalf of North Korea. They are linked to North Korea’s Reconnaissance General Bureau. More recently, the group has been observed conducting activities for financial gain. Verticals targeted …

IoC