lazarusholic

Andariel

2024-12-28, screaminggoat
https://infosec.press/screaminggoat/andariel
#Andariel

Andariel
Country: Democratic People's Republic of Korea (DPRK)
Organization: Lab 110, 3rd Bureau of the Reconnaissance General Bureau (RGB)
Objective: Espionage, Ransomware
(Page last updated December 27, 2024)
Aliases:
- Andariel (Cisco Talos, ESET, ETDA, Kaspersky, Lazarusholic, MITRE, Trend Micro, Wikipedia)
- APT45 (Mandiant)
- Clasiopa (Symantec)
- DarkSeoul (McAfee)
- Jumpy Pisces (Unit 42)
- Nickel Hyatt (Secureworks)
- Onyx Sleet (Microsoft)
- PLUTONIUM (previously used by Microsoft)
- Silent Chollima (CrowdStrike, Malpedia)
- Stonefly (Symantec)
- TA430 (Proofpoint)
Connections to other groups:
- Storm-0530 (Microsoft) (previously tracked as DEV-0530)
Identified Members
- Rim Jong Hyok:
Vulnerabilities Exploited
- CVE-2023-42793 (9.8 critical, in CISA's KEV Catalog) JetBrains TeamCity Authentication Bypass Vulnerability. Source: Microsoft
The following five vulnerabilities have Microsoft as their source:
- CVE-2023-46604 (Vendor 10.0/ NVD 9.8 critical, in CISA's KEV Catalog) Apache ActiveMQ Deserialization of Untrusted Data Vulnerability
- CVE-2023-22515 (Vendor 10.0/ NVD 9.8 critical, in CISA's KEV Catalog) Atlassian Confluence Data Center and Server Broken Access Control Vulnerability
- CVE-2023-46604 (Vendor 10.0/ NVD 9.8 critical, in CISA's KEV Catalog) …
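The CVEs listed above are all version-bounded server-side bugs, so the first triage question for a defender is whether a deployed build falls inside the affected range. The Python helper below is an added example, not part of the original page and not a vendor or CISA tool. The fixed versions it encodes are taken from the respective vendor advisories (TeamCity 2023.05.4; ActiveMQ 5.15.16, 5.16.7, 5.17.6 and 5.18.3; Confluence 8.3.3, 8.4.3 and 8.5.2 for the 8.0.0 and later line), the product names and the inventory dictionary are constructed for the example, and a hit means "unpatched", not "compromised": exploitation of in-the-wild CVEs like these has to be hunted separately.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """Turn '2023.05.4' or '5.18.3-SNAPSHOT' into a comparable integer tuple.

    Pre-release/build qualifiers after '-' or '+' are dropped; partial versions
    such as '8.5' compare lower than '8.5.0', which is the conservative choice.
    """
    core = text.strip().split("-")[0].split("+")[0]
    return tuple(int(part) for part in core.split("."))


@dataclass(frozen=True)
class Affected:
    cve: str
    product: str
    start: Optional[Version]      # inclusive lower bound; None = every earlier release
    fixed: Tuple[Version, ...]    # first patched release on each maintained branch
    branch_len: int               # leading version components that identify a branch


# Fixed versions per vendor advisory (not stated on this page). Product names
# are the constructed inventory keys used by triage() below.
AFFECTED: Tuple[Affected, ...] = (
    Affected("CVE-2023-42793", "JetBrains TeamCity", None,
             (parse_version("2023.05.4"),), 2),
    Affected("CVE-2023-46604", "Apache ActiveMQ", None,
             tuple(parse_version(v) for v in ("5.15.16", "5.16.7", "5.17.6", "5.18.3")), 2),
    Affected("CVE-2023-22515", "Atlassian Confluence Data Center and Server",
             parse_version("8.0.0"),
             tuple(parse_version(v) for v in ("8.3.3", "8.4.3", "8.5.2")), 2),
)


def is_vulnerable(entry: Affected, version: Version) -> bool:
    """True if `version` lies in the affected range of `entry`.

    Rule: anything below the lower bound is unaffected. Inside a maintained
    branch (same leading components as one of the fixed releases) a version is
    affected if it is below that branch's fix. Off-branch versions are affected
    only when older than the oldest fix (typically end-of-life lines); anything
    newer than every fix is treated as patched.
    """
    if entry.start is not None and version < entry.start:
        return False
    for fix in entry.fixed:
        if version[:entry.branch_len] == fix[:entry.branch_len]:
            return version < fix
    return version < min(entry.fixed)


def triage(inventory: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Map a {product: version} inventory to (product, version, cve) findings."""
    findings: List[Tuple[str, str, str]] = []
    for entry in AFFECTED:
        raw = inventory.get(entry.product)
        if raw is None:
            continue
        if is_vulnerable(entry, parse_version(raw)):
            findings.append((entry.product, raw, entry.cve))
    return findings


if __name__ == "__main__":
    # Constructed sample inventory: two unpatched builds and one patched one.
    sample = {
        "JetBrains TeamCity": "2023.05.3",
        "Apache ActiveMQ": "5.17.6",
        "Atlassian Confluence Data Center and Server": "8.5.1",
    }
    for product, version, cve in triage(sample):
        print(f"{product} {version}: in affected range of {cve}; "
              f"confirm patch status and hunt for exploitation")
```

The branch rule matters for ActiveMQ and Confluence, where several release lines were patched in parallel: 5.16.6 is flagged because its own branch was fixed at 5.16.7, 5.14.x is flagged because it is older than every fix, and 8.6.0 is not flagged because it postdates all fixes. Extend `AFFECTED` with further entries as the page's list grows; the comparison logic does not change.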