lazarusholic


Play Ransomware and North Korean APT45 Work Together to Launch Major Cyberattack – Active IOCs

2024-10-31, Rewterz
https://www.rewterz.com/threat-advisory/play-ransomware-and-north-korean-apt45-work-together-to-launch-major-cyberattack-active-iocs
#APT45 #Play

Severity
High
Analysis Summary
The financial objectives of North Korean threat actors have been highlighted by their involvement in a recent event that used the Play family of ransomware. The threat actor identified as APT45—also known as Andariel, Jumpy Pisces, DarkSeoul, Nickel Hyatt, Onyx Sleet (formerly Plutonium), Operation Troy, Silent Chollima, and Stonefly—has been blamed for the activity, which was seen between May and September 2024.
The researchers said, “We believe with moderate confidence that Jumpy Pisces, or a faction of the group, is now collaborating with the Play ransomware group.”
This incident is noteworthy since it is the first time that an underground ransomware network and the state-sponsored …

IoC

SHA256: b1ac26dac205973cd1288a38265835eda9b9ff2edc6bd7c6cb9dee4891c9b449
SHA1: e3069713add2d99750af6c30580fb3595a0b6abc
MD5: e12f93d462a622f32a4ff1e646549c42
IP: 172.96.137.224
SHA256: f64dab23c50e3d131abcc1bdbb35ce9d68a34920dd77677730568c24a84411c5
SHA1: 540853beffb0ba9b26cf305bcf92fad82599eb3c
MD5: f01eae4ee3cc03d621be7b0af7d60411