Emerald Sleet

Threat Actor updated a day ago (2024-09-10T04:17:55.644Z)
Emerald Sleet, a threat actor associated with North Korea, has been identified as a significant player in cyber espionage. The group is known for its use of artificial intelligence, in particular large language models (LLMs), which it leverages to enhance spear-phishing campaigns, research publicly known vulnerabilities, troubleshoot technical issues, and get help with various web technologies. Its top targets are organizations in sectors such as government, defense, and media, with a particular focus on experts on the Korean Peninsula. Notably, Emerald Sleet has used OpenAI's ChatGPT, the same technology that underpins Microsoft's Copilot, to conduct malicious activities. Microsoft, which has invested $13 billion in OpenAI, and OpenAI itself have reported disrupting hacking attempts by Emerald Sleet and other state-affiliated malicious actors. The North Korea-linked group has reportedly used OpenAI's services for scripting tasks and for phishing campaigns focused primarily on the Asia-Pacific region. Emerald Sleet, also known as Velvet Chollima, impersonates reputable academic institutions and non-governmental organizations (NGOs) to lure victims into providing expert insights and commentary on foreign policy related to North Korea. The group also uses LLMs to generate content for spear-phishing campaigns and to research think tanks, experts, and government organizations concerned with defense issues and North Korea's nuclear weapons program. Within the broader landscape of cyber threats, Emerald Sleet poses a significant risk because of its advanced use of AI and its targeted approach to gathering intelligence.
Description last updated: 2024-09-10T03:20:03.255Z
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so here are some possibly overlapping names and profiles you may also want to look at.
ID | Votes | Profile Description
Thallium | 3 | Thallium, also known as Kimsuky, APT43, Velvet Chollima, and Black Banshee, is a significant threat actor that has been active since at least 2012. This group, believed to be operating on behalf of the North Korean regime, conducts intelligence collection and uses cybercrime to fund espionage activi
Apt43 | 3 | APT43, also known as Kimsuky, Sparkling Pisces, Emerald Sleet, and Velvet Chollima among other names, is a North Korean state-sponsored advanced persistent threat (APT) group involved in cybercrime and espionage. This threat actor conducts intelligence collection and uses cybercrime to fund its espi
Lazarus Group | 2 | The Lazarus Group, also known as APT38, is a notorious threat actor believed to be backed by the North Korean regime. This group has been associated with several high-profile cyber attacks and thefts, including the infamous $600 million Ronin sidechain exploit in 2022. Known for their sophisticated
Kimsuky | 2 | Kimsuky, also known as Springtail, ARCHIPELAGO, Black Banshee, Thallium, Velvet Chollima, and APT43, is a North Korea-linked threat actor first identified by a Kaspersky researcher in 2013. This cyberespionage group has been associated with various malicious activities, including spear-phishing camp
Miscellaneous Associations
Other elements of context that could aid in assessing relevance: Phishing, Health, State Sponso..., Openai
Associated Threat Actors
ID | Type | Votes | Profile Description
Wicked Panda | Unspecified | 2 | Wicked Panda, also known as APT41, Double Dragon, and Bronze Atlas, is a state-sponsored threat actor originating from China. The Department of Health and Human Services' Health Sector Cybersecurity Coordination Center has identified it as one of the top cyber threats. Over the years, security resea
Double Dragon | Unspecified | 2 | Double Dragon, also known as APT41, Winnti, or Barium, is a prominent Advanced Persistent Threat (APT) group believed to have originated from China. As a threat actor, Double Dragon represents a human entity with the intent to execute actions of a malicious nature. The group has been identified by t
APT41 | Unspecified | 2 | APT41, a threat actor attributed to China, has been actively targeting organizations in at least 14 countries since 2012. The group is known for its use of an extensive range of malware, with at least 46 different code families and tools observed in their operations. They are associated with various
Source Document References
Information about the Emerald Sleet threat actor was read from the document corpus below. This display is limited to 20 results.
Source | Created | Title
Unit42 | a day ago | Threat Assessment: North Korean Threat Groups
InfoSecurity-magazine | 5 months ago | Microsoft: China Using AI-Generated Content to Sow Division in US
DARKReading | 5 months ago | Threat Report: Examining the Use of AI in Attack Techniques
CERT-EU | 6 months ago | Microsoft, OpenAI move to fend off genAI-aided hackers — for now
CERT-EU | 7 months ago | OpenAI, Microsoft crack down on hackers using ChatGPT | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
DARKReading | 7 months ago | Microsoft, OpenAI: Nation-States Are Weaponizing AI in Cyberattacks
BankInfoSecurity | 7 months ago | OpenAI and Microsoft Terminate State-Backed Hacker Accounts
Securityaffairs | 7 months ago | Nation-state actors are using AI services and LLMs for cyberattacks
CERT-EU | 9 months ago | Over $3M worth of crypto amassed by North Korean hackers
CERT-EU | 9 months ago | Kimsuky hacking group faces US sanctions
CERT-EU | a year ago | Chinese, North Korean Nation-State Groups Target Health Data
BankInfoSecurity | a year ago | Chinese, North Korean Nation-State Groups Target Health Data
CERT-EU | a year ago | N. Korean Kimsuky Hackers Using New Recon Tool ReconShark in Latest Cyberattacks
CERT-EU | a year ago | Lazarus Subgroup Targeting Apple Devices with New RustBucket macOS Malware