Emerald Sleet

Threat Actor updated 23 days ago (2024-11-29T14:35:42.806Z)
Emerald Sleet, a threat actor associated with North Korea, has been identified as a significant player in cyber espionage. The group is known for its sophisticated use of artificial intelligence and machine learning, in particular large language models (LLMs), which it leverages to enhance spear-phishing campaigns, research publicly known vulnerabilities, troubleshoot technical issues, and assist with various web technologies. Among the top targets of Emerald Sleet are organizations in sectors such as government, defense, and media, with a particular focus on experts on the Korean Peninsula.

Notably, Emerald Sleet has exploited OpenAI’s ChatGPT, the same technology that forms the basis for Microsoft's Copilot, to conduct malicious activities. Microsoft, which has invested $13 billion in OpenAI, and OpenAI itself have reported disrupting hacking attempts from Emerald Sleet and other state-affiliated malicious actors. The North Korea-linked group has reportedly used OpenAI’s services for scripting tasks and phishing campaigns focused primarily on the Asia-Pacific region.

Emerald Sleet, also known as Velvet Chollima, impersonates reputable academic institutions and non-governmental organizations (NGOs) to lure victims into providing expert insights and commentary about foreign policies related to North Korea. The group also uses LLMs to generate content for spear-phishing campaigns and to research think tanks, experts, and government organizations concerned with defense issues and North Korea's nuclear weapons program. As part of the broader landscape of cyber threats, Emerald Sleet poses a significant risk due to its advanced use of AI and its targeted approach to gathering intelligence.
Description last updated: 2024-09-10T03:20:03.255Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias Description | Votes
Thallium is a possible alias for Emerald Sleet. Thallium, also known as Kimsuky, APT43, Velvet Chollima, and Black Banshee, is a significant threat actor that has been active since at least 2012. This group, believed to be operating on behalf of the North Korean regime, conducts intelligence collection and uses cybercrime to fund espionage activi... | 3
Apt43 is a possible alias for Emerald Sleet. APT43, also known as Kimsuky, is a North Korean Advanced Persistent Threat (APT) group that has been active since at least 2013. The group is known for its intelligence collection activities and using cybercrime to fund espionage. It has been linked to several aliases including Springtail, ARCHIPELA... | 3
Lazarus Group is a possible alias for Emerald Sleet. The Lazarus Group, a notorious threat actor attributed to North Korea, is renowned for its malicious activities aimed at furthering the country's objectives. This group has been implicated in several high-profile cyber-attacks, including an attack in Spain known as Operation DreamJob. The exploitati... | 2
Kimsuky is a possible alias for Emerald Sleet. Kimsuky is a threat actor group linked to North Korea, known for its malicious cyber activities with a particular focus on espionage. The group has been observed employing a variety of sophisticated tactics and techniques, including the use of malware such as TOGREASE, GREASE, and RandomQuery, which... | 2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Phishing
Health
State Sponso...
Openai
Associated Threat Actors
Alias Description | Association Type | Votes
The Wicked Panda Threat Actor is associated with Emerald Sleet. Wicked Panda, also known as APT41, Double Dragon, and Brass Typhoon, is a prominent threat actor in the cybersecurity landscape. This China state-sponsored group has been identified as one of the top threat actors by the Department of Health and Human Services' Health Sector Cybersecurity Coordinati... | Unspecified | 2
The Double Dragon Threat Actor is associated with Emerald Sleet. Double Dragon, also known as APT41, Winnti, or Barium, is a prominent Advanced Persistent Threat (APT) group believed to have originated from China. As a threat actor, Double Dragon represents a human entity with the intent to execute actions of a malicious nature. The group has been identified by t... | Unspecified | 2
The APT41 Threat Actor is associated with Emerald Sleet. APT41, also known as Winnti, is a threat actor suspected to be originating from China, with its activities dating back to as early as 2012. It has targeted organizations in at least 14 countries and has been associated with the use of at least 46 different code families and tools. The group's activi... | Unspecified | 2
Source Document References
Information about the Emerald Sleet Threat Actor was read from the documents corpus below.