Hermit

Malware Profile Updated 7 hours ago
"Hermit" is a sophisticated malware attributed to North Korean state-sponsored hacking operations; North Korea is often referred to as the "Hermit Kingdom" because of its historical isolationist policies. The malware was part of a wave of cyberattacks against Apple users in July 2022, alongside other malicious programs such as Pegasus and DevilsTongue; in response to these threats, Apple developed a new security feature known as Lockdown Mode. Hermit has been linked to ScarCruft, an infamous North Korean threat actor known for targeting high-value individuals and organizations that align with North Korea's geopolitical objectives. Unit 42 has also stated, with moderate confidence, that Contagious Interview, another cyber-espionage campaign, was run by a North Korean state-sponsored actor, and, with high confidence, that Wagemole is one of the Hermit Kingdom's campaigns.

North Korean hacking groups are notorious for their aggressive tactics and relentless pursuit of targets that yield valuable intelligence or financial gain. The Moonstone Sleet hackers, for instance, have deployed a ransomware variant called "FakePenny" and demanded higher extortion payments than in previous examples. Similarly, the Pyongyang threat group uses aggressive social engineering against think tanks, governments, and journalists to gain insight into external perceptions of North Korea. Another operation, Sinbad, launched in October 2022, has been used to launder funds from the $100m heist of Horizon, cleaning tens of millions in stolen cryptocurrency for the hermit nation. North Korean state-sponsored hackers have proven to be some of the world's most ruthless, stealing millions in cryptocurrency each year to evade sanctions and fund the country's nuclear programs. In another example, ScarCruft targeted a trading company linked to Russia and North Korea using a novel phishing attack chain that ended with the delivery of RokRAT malware.
Despite the close state supervision of these hacking activities, cybersecurity firm Mandiant asserts that attribution to North Korea should be nuanced, as the country maintains different hacking units with overlapping infrastructure, malware, and tactics to ensure flexibility and resilience.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance

Associated Malware: No associations to display
Associated Threat Actors: No associations to display
Associated Vulnerabilities: No associations to display
Source Document References
Information about the Hermit malware was read from the document corpus below. This display is limited to 20 results.
Source (created) - Title

CERT-EU (8 months ago) - North Korean Hackers Continue to Refine Their Arsenal of Tactics & Techniques
Securityaffairs (2 months ago) - Apple warns of mercenary spyware attacks on iPhone users in 92 countries
CERT-EU (a year ago) - Send nukes
CERT-EU (7 months ago) - Lazarus Group Targeting Defense Experts with Fake Interviews via Trojanized VNC Apps
CERT-EU (9 months ago) - Russian Missile Manufacturer Breached By North Korean Hackers
BankInfoSecurity (7 hours ago) - Microsoft Warns of North Korea's 'Moonstone Sleet'
CERT-EU (5 months ago) - It's 2024. Time to Have Attribution Standards in Cyberspace
InfoSecurity-magazine (a year ago) - Resurrected Crypto-mixer Launders $100m in North Korean Funds
CERT-EU (9 months ago) - Years into these games' histories, attackers are still creating "Fortnite" and "Roblox"-related scams
CERT-EU (9 months ago) - FBI: North Korean hackers transferred $40 million in stolen cryptocurrency funds in one day
CERT-EU (5 months ago) - To stem North Korea's missiles program, White House looks to its hackers | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU (a year ago) - Linux malware from Lazarus Group resembles tools used in 3CX compromise
CERT-EU (a year ago) - Forescout says operational tech has become 'constant target,' details attack on Taiwanese OT devices
BankInfoSecurity (13 days ago) - Breach Roundup: Kimsuky Serves Linux Trojan
CERT-EU (a year ago) - Cybersecurity readiness still lacking worldwide
BankInfoSecurity (a month ago) - Breach Roundup: REvil Hacker Gets Nearly 14-Year Sentence
CERT-EU (10 months ago) - Identity-based attacks now part of most 'hands on keyboard' cyber intrusions
CERT-EU (a year ago) - North Korean Hackers Are Attacking US Hospitals
CERT-EU (9 months ago) - Taiwanese infosec crew challenges Microsoft's China findings
CERT-EU (6 months ago) - North Korea attacks tech recruitment market at both ends