Silent Chollima APT Adversary Simulation
This is a simulation of an attack by the Silent Chollima APT group targeting several customers and their users in North America, Asia, and Europe. The attack campaign was active in June 2025; the attackers sent a link leading to a ZIP or RAR archive file. Inside this file was a legitimate executable that was given a filename relevant to the targeted organization or tied to the theme of the spear-phishing email. When executed, this legitimate executable would load a malicious payload in an included Dynamic Link Library (DLL) via search order hijacking, which provided operators with the ability to remotely execute commands on infected devices. I relied on Volexity to figure out the details to make this: https://www.volexity.com/blog/2025/10/08/apt-meets-gpt-targeted-operations-with-untamed-llms/
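From the defender's side, the load pattern described above (a signed executable pulling an untrusted DLL from its own extracted-archive folder) can be hunted in image-load telemetry. The following is an added example, not code from the original post or from Volexity; it assumes records shaped like Sysmon Event ID 7 fields (`Image`, `ImageLoaded`, `Signed`, `SignatureStatus`), and the path markers, DLL name list and sample events are constructed for illustration.

```python
import ntpath

# Assumptions (not from the original page): user-writable locations where an
# extracted archive usually lands, and DLL names that normally load from System32.
USER_WRITABLE_MARKERS = ("\\downloads\\", "\\desktop\\", "\\appdata\\local\\temp\\")
SYSTEM_DLL_NAMES = {"version.dll", "dwmapi.dll", "winhttp.dll", "cryptbase.dll"}

def is_trusted(event):
    return event["Signed"] == "true" and event["SignatureStatus"] == "Valid"

def find_sideload_candidates(events):
    """Return (process, dll, shadows_system_dll) for each validly signed executable
    that loaded an untrusted DLL from its own user-writable directory."""
    # Sysmon also logs the main executable as an image load; use that record
    # to learn whether the host process itself carries a valid signature.
    signed_hosts = {e["Image"].lower() for e in events
                    if e["ImageLoaded"].lower() == e["Image"].lower() and is_trusted(e)}
    hits = []
    for e in events:
        image, loaded = e["Image"].lower(), e["ImageLoaded"].lower()
        if loaded == image or not loaded.endswith(".dll") or is_trusted(e):
            continue
        same_dir = ntpath.dirname(loaded) == ntpath.dirname(image)
        writable = any(marker in loaded for marker in USER_WRITABLE_MARKERS)
        if image in signed_hosts and same_dir and writable:
            hits.append((e["Image"], e["ImageLoaded"],
                         ntpath.basename(loaded) in SYSTEM_DLL_NAMES))
    return hits

def ev(image, loaded, signed):
    # Build one constructed record using Sysmon Event ID 7 field names.
    return {"Image": image, "ImageLoaded": loaded,
            "Signed": "true" if signed else "false",
            "SignatureStatus": "Valid" if signed else "Unavailable"}

# Constructed sample data: every path and file name here is made up.
LURE = r"C:\Users\alice\Downloads\Q2_Report\ReportViewer.exe"
APP = r"C:\Program Files\Vendor\app.exe"
SAMPLE_EVENTS = [
    ev(LURE, LURE, True),
    ev(LURE, r"C:\Users\alice\Downloads\Q2_Report\version.dll", False),
    ev(LURE, r"C:\Windows\System32\kernel32.dll", True),
    ev(APP, APP, True),
    ev(APP, r"C:\Program Files\Vendor\plugin.dll", False),
]

if __name__ == "__main__":
    for process, dll, shadows in find_sideload_candidates(SAMPLE_EVENTS):
        print(f"ALERT {process} loaded {dll} (shadows system DLL: {shadows})")
```

The unsigned `plugin.dll` under `Program Files` is deliberately not flagged, because that directory is not writable by a standard user and so is not where an extracted lure would run from.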
Social engineering technique: The attackers sent phishing emails containing HTML that included an image to make it appear a document was attached to the email. …