LABYRINTH CHOLLIMA Evolves into Three Adversaries
LABYRINTH CHOLLIMA has evolved into three distinct adversaries with specialized malware, objectives, and tradecraft: GOLDEN CHOLLIMA and PRESSURE CHOLLIMA now likely operate separately from the core LABYRINTH CHOLLIMA group.
GOLDEN CHOLLIMA and PRESSURE CHOLLIMA target cryptocurrency entities and are distinguished by the scale and scope of their operations; core LABYRINTH CHOLLIMA operations continue to focus on espionage, targeting industrial, logistics, and defense companies.
Despite operating independently, these three adversaries share tools and infrastructure, indicating centralized coordination and resource allocation within the DPRK cyber ecosystem.
LABYRINTH CHOLLIMA is among the most prolific DPRK-nexus adversaries that CrowdStrike Intelligence tracks and is responsible for some of North Korea’s most notable intrusions, including destructive attacks against South Korean and U.S. entities and the global WannaCry ransomware incident.
CrowdStrike Intelligence assesses that three distinct, highly specialized operational subgroups have emerged since 2018, each with specialized malware, objectives, and tradecraft. This assessment reflects a comprehensive re-evaluation of historical data …