HIDDEN COBRA

Threat Actor updated a month ago (2024-10-16T00:00:58.817Z)
Hidden Cobra, also known as Lazarus Group and Guardians of Peace, is a North Korean government-linked threat actor known for its malicious cyber activities. The group has primarily conducted cyberespionage but has also been involved in ransomware activity. The U.S. Government refers to a specific subset of this group's activity as BeagleBoyz.

Hidden Cobra has used various methods to infect systems, including websites that appear to host legitimate cryptocurrency trading platforms, as well as phishing, social networking, and social engineering techniques. The group has also deployed malware such as FALLCHILL and AppleJeus to compromise systems. Its tactics, techniques, and procedures (TTPs) align with previous operations from 2017, which used defense contractors as lures. In October 2018, US-CERT released a joint technical alert warning about an ATM cash-out scheme dubbed "FASTCash" being used by Hidden Cobra. By 2020, the group was using the domain mireene.com and its sub-domains for its operations; indicators from these campaigns pointed to earlier activity from 2017 and 2019 that had been attributed to Hidden Cobra.

In 2023, the group, also referred to as Sapphire Sleet, actively conducted espionage operations and destructive attacks in the United Arab Emirates region. Microsoft attributed attacks impacting over 100 devices in countries including Japan, Taiwan, Canada, and the U.S. to Diamond Sleet (another alias for Hidden Cobra). The group also continued its Operation Dream Job campaign with new intrusions leveraging trojanized Virtual Network Computing (VNC) apps targeted at defense industry and nuclear engineers.
Description last updated: 2024-10-15T23:15:35.914Z
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so the following are possible overlapping names and profiles that may also be relevant.
Alias | Description | Votes

AppleJeus | AppleJeus is a possible alias for HIDDEN COBRA. AppleJeus is a malware attributed with medium confidence to the North Korea-linked APT group "Gleaming Pisces," also known as Citrine Sleet, by researchers at Palo Alto's Unit 42. The group has been notorious for distributing versions of AppleJeus malware disguised as legitimate cryptocurrency tradi | 3

Lazarus Group | Lazarus Group is a possible alias for HIDDEN COBRA. The Lazarus Group, a notorious North Korean state-sponsored threat actor, is among the most prolific and dangerous cyber threat actors in operation. The group has been involved in several high-profile cyber-attacks, including Operation DreamJob in Spain, with the primary objective of funding North K | 3

Diamond Sleet | Diamond Sleet is a possible alias for HIDDEN COBRA. Diamond Sleet, a threat actor linked to North Korea, has been identified as a significant cybersecurity concern. This group, also known as Selective Pisces, has targeted various sectors including media, defense, and IT organizations. The advanced persistent threat (APT) group is known for its supply | 2

Citrine Sleet | Citrine Sleet is a possible alias for HIDDEN COBRA. Citrine Sleet, also known as Gleaming Pisces, is a financially motivated threat actor associated with North Korea that has been active since at least 2018. The group is renowned for distributing the AppleJeus malware, targeting cryptocurrency traders. They have previously been linked to various cybe | 2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Microsoft, APT, Malware
Associated Malware
Malware | Description | Association Type | Votes

Cobra | The Cobra Malware is associated with HIDDEN COBRA. Cobra is a type of malware, short for malicious software, designed to exploit and damage computer systems or devices. It can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, Cobra has the potential to steal personal information, disrup | Unspecified | 2

WannaCry | The WannaCry Malware is associated with HIDDEN COBRA. WannaCry is a type of malware, specifically ransomware, that made headlines in 2017 as one of the most devastating cyberattacks in recent history. The WannaCry ransomware exploited vulnerabilities in Windows' Server Message Block protocol (SMBv1), specifically CVE-2017-0144, CVE-2017-0145, and CVE-2 | Unspecified | 2
Source Document References
Information about the HIDDEN COBRA Threat Actor was read from the documents corpus below. This display is limited to 20 results.
Source | Created

Securityaffairs | a month ago
Unit42 | 2 months ago
BankInfoSecurity | 3 months ago
DARKReading | 8 months ago
MITRE | a year ago
InfoSecurity-magazine | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
MITRE | 2 years ago
MITRE | 2 years ago
MITRE | 2 years ago
MITRE | 2 years ago
MITRE | 2 years ago
MITRE | 2 years ago
MITRE | 2 years ago
MITRE | 2 years ago