Citrine and Onyx Sleet: An Inside Look at North Korean Threat Actors

2024-09-11, Microsoft
https://thecyberwire.com/podcasts/microsoft-threat-intelligence/27/notes
#CitrineSleet #OnyxSleet #Podcast

In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo discusses North Korean threat actors with Microsoft Threat Intelligence researcher Greg Schloemer, focusing on two prominent groups: Onyx Sleet and Storm 0530. Onyx Sleet is a long-standing espionage group known for targeting the defense and energy sectors, particularly in the U.S. and India. However, it has diversified into ransomware, using tactics such as malware downloaders, zero-day vulnerabilities, and a remote access Trojan called D-Track. The conversation also touches on the use of fake certificates and the group's involvement in the software supply chain space.
In this episode, you’ll learn:
- The relationship between Onyx Sleet and Storm 0530
- North Korea's broader strategy of using cyber-attacks and moonlighting activities
- Surprising nature of recent attack chains involving vulnerability in the Chromium engine
Some questions we ask:
- Does Onyx Sleet engage in …