HIDDEN COBRA

Threat Actor updated 6 days ago (2024-09-02T20:17:50.687Z)
Hidden Cobra, also known as Lazarus Group, Kimsuky, KONNI, APT37, TEMP.Hermit, Sapphire Sleet, and Diamond Sleet, is a threat actor that the U.S. Government attributes to the North Korean government. Active since at least 2009, the group has carried out cyber espionage operations, destructive attacks, and cybercrime. Its tactics, techniques, and procedures (TTPs) have remained consistent over the years; evidence from campaigns in 2020 points back to activity in 2017 and 2019. A subset of Hidden Cobra's activity is conducted by a separate team referred to as BeagleBoyz.

Hidden Cobra primarily infects systems with malware such as FALLCHILL and AppleJeus. Initially the group distributed its malware through websites that appeared to host legitimate cryptocurrency trading platforms; it has since adopted other infection vectors, including phishing, social networking, and social engineering. In 2023 the group targeted defense industry and nuclear engineers in a campaign known as Operation Dream Job, which used trojanized versions of Virtual Network Computing (VNC) applications.

Hidden Cobra's activity is not confined to its own region. In 2023 the group conducted operations and destructive attacks in the UAE, Japan, Taiwan, Canada, and the US, undermining the common perception that attacks against the UAE are motivated solely by regional geopolitics. Microsoft attributes some of these campaigns to a threat actor it codenames Citrine Sleet, another alias for Hidden Cobra. As the group continues to operate, robust endpoint/device security and current threat intelligence remain essential defenses.
Description last updated: 2024-09-02T20:15:56.857Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Name | Votes | Profile description
AppleJeus | 3 | AppleJeus is a malicious software, or malware, attributed to the North Korean Advanced Persistent Threat (APT) group known as Lazarus. It has been used extensively for financial theft initiatives, particularly targeting cryptocurrencies. The malware has seen multiple versions, including AppleJeus Ve
Lazarus Group | 2 | The Lazarus Group, a notorious threat actor associated with North Korea, has been implicated in several high-profile cyber attacks and exploitation activities. The group's objective often involves establishing a kernel read/write primitive, which allows them to gain high-level access to systems and
Citrine Sleet | 2 | Citrine Sleet is a dangerous malware attributed to a North Korean threat actor, as reported by Microsoft in late August 2024. This malicious software is designed to exploit and damage computer systems, infiltrating them through suspicious downloads, emails, or websites, often unbeknownst to the user
Diamond Sleet | 2 | Diamond Sleet is a North Korea-linked Advanced Persistent Threat (APT) group that has emerged as a significant threat actor in the cybersecurity landscape. This entity, which could be an individual, private company, or government body, is responsible for executing actions with malicious intent. The
Miscellaneous Associations
Other elements of context that could aid in identifying relevance: Microsoft, Malware
Associated Malware
Name | Type | Votes | Profile description
WannaCry | Unspecified | 2 | WannaCry is a type of malware, specifically ransomware, that gained notoriety in 2017 as one of the largest and most damaging cyber-attacks to date. The malicious software exploits vulnerabilities in computer systems to encrypt data, effectively holding it hostage until a ransom is paid. It primaril
Cobra | Unspecified | 2 | Cobra is a type of malware, short for malicious software, designed to exploit and damage computer systems or devices. It can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, Cobra has the potential to steal personal information, disrup
Source Document References
Information about the HIDDEN COBRA Threat Actor was read from the document corpus below. This display is limited to 20 results.
Source | Created | Title
BankInfoSecurity | 6 days ago | North Korean Hackers Tied to Exploits of Chromium Zero-Day
DARKReading | 6 months ago | 150K+ UAE Network Devices & Apps Exposed Online
MITRE | 9 months ago | Operation (노스 스타) North Star A Job Offer That’s Too Good to be True? | McAfee Blog
InfoSecurity-magazine | 10 months ago | North Korea Blamed For CyberLink Supply Chain Attacks
CERT-EU | a year ago | Trojanized VNC apps leveraged in defense-targeted Lazarus Group attacks
CERT-EU | a year ago | Lazarus Group Targeting Defense Experts with Fake Interviews via Trojanized VNC Apps
CERT-EU | a year ago | Lazarus APT Exploiting LinkedIn to Target Spanish Aerospace Firm
CERT-EU | a year ago | Lazarus luring employees with trojanized coding challenges: The case of a Spanish aerospace company
CERT-EU | a year ago | Connect the Dots on State-Sponsored Cyber Incidents - Lazarus Group
MITRE | 2 years ago | HIDDEN COBRA – North Korean Remote Administration Tool: FALLCHILL | CISA
MITRE | 2 years ago | BLINDINGCAN Remote Access Trojan - NHS Digital
MITRE | 2 years ago | MAR-10135536-12 – North Korean Trojan: TYPEFRAME | CISA
MITRE | 2 years ago | MAR-10271944-1.v1 – North Korean Trojan: HOTCROISSANT | CISA
MITRE | 2 years ago | HIDDEN COBRA – North Korea’s DDoS Botnet Infrastructure | CISA
MITRE | 2 years ago | North Korean Advanced Persistent Threat Focus: Kimsuky | CISA
MITRE | 2 years ago | FASTCash 2.0: North Korea's BeagleBoyz Robbing Banks | CISA
MITRE | 2 years ago | AppleJeus: Analysis of North Korea’s Cryptocurrency Malware | CISA
Kryptos Logic | 2 years ago | A Brief Look At North Korean Cryptography
MITRE | 2 years ago | HIDDEN COBRA – North Korean Trojan: Volgmer | CISA