STARDUST CHOLLIMA | Threat Actor Profile
Meet CrowdStrike's Adversary of the Month for April: STARDUST CHOLLIMA
April 6, 2018Adam Meyers Research & Threat Intel
STARDUST CHOLLIMA is a targeted intrusion adversary with a likely nexus to the Democratic People's Republic of Korea (DPRK). This adversary is typically involved in operations against financial institutions with the intention of generating liquid assets for the DPRK. Previous activity tied to this adversary includes campaigns focused on abusing Society for Worldwide Interbank Financial Telecommunication (SWIFT) systems, as well as intrusions against global banking networks via strategic web compromise operations.
Methods & Techniques
STARDUST CHOLLIMA uses several implants that share a code framework tracked by CrowdStrike® as "TwoPence." This actor also uses techniques such as code protection tools like Enigma Protector, password-protected executables, and secure deletion functions to remain hidden on target systems for long periods of time by evading legacy security products. Recent Falcon Intelligence™ reporting has been published to customers assessing that …