Alias Description | Votes |
---|---|
Labyrinth Chollima is a possible alias for Lazarus Group. Labyrinth Chollima, a threat actor linked to North Korea, has been active since 2009 and is known for conducting operations aimed at collecting political, military, and economic intelligence on North Korea’s foreign adversaries, as well as currency generation campaigns. This group, also known by var | 5 |
Andariel is a possible alias for Lazarus Group. Andariel, a threat actor controlled by North Korea's military intelligence agency, the Reconnaissance General Bureau, has been actively conducting cyber espionage and ransomware operations. The group funds its activities through ransomware attacks primarily targeting U.S. healthcare entities. In som | 5 |
Sinbad is a possible alias for Lazarus Group. Sinbad is a threat actor suspected to be operated by North Korean operatives, primarily for the purpose of laundering stolen cryptocurrency. According to Chainalysis, Sinbad processed $24 million in December and January, indicating its use as a new mixing service. However, it's effectiveness is yet | 4 |
APT38 is a possible alias for Lazarus Group. APT38, a threat actor suspected to be backed by the North Korean regime, has been responsible for some of the largest cyber heists observed to date. The group has conducted operations in over 16 organizations across at least 11 countries, primarily targeting financial institutions worldwide. Despite | 4 |
HIDDEN COBRA is a possible alias for Lazarus Group. Hidden Cobra, also known as Lazarus Group and Guardians of Peace, is a North Korean government-linked threat actor known for its malicious cyber activities. The group has primarily conducted cyberespionage but has also been involved in ransomware activity. The U.S. Government refers to this team's s | 3 |
Kimsuky is a possible alias for Lazarus Group. Kimsuky is a threat actor group linked to North Korea, known for its malicious cyber activities with a particular focus on espionage. The group has been observed employing a variety of sophisticated tactics and techniques, including the use of malware such as TOGREASE, GREASE, and RandomQuery, which | 3 |
Tradertraitor is a possible alias for Lazarus Group. TraderTraitor, a threat actor attributed to the North Korean government's APT38 hacking group also known as Lazarus, has been implicated in a series of cyberattacks targeting cryptocurrency platforms. The FBI has recently linked TraderTraitor to the theft of hundreds of millions of dollars in crypto | 3 |
ZINC is a possible alias for Lazarus Group. Zinc, also known as Diamond Sleet, is a North Korea-based threat actor group that has been active since 2009. This group is notorious for its cyber-attacks aimed at collecting political, military, and economic intelligence on North Korea's foreign adversaries, and executing currency generation campa | 3 |
Diamond Sleet is a possible alias for Lazarus Group. Diamond Sleet, a threat actor linked to North Korea, has been identified as a significant cybersecurity concern. This group, also known as Selective Pisces, has targeted various sectors including media, defense, and IT organizations. The advanced persistent threat (APT) group is known for its supply | 3 |
Operation Dreamjob is a possible alias for Lazarus Group. Operation DreamJob is a campaign attributed to the Lazarus group, a North Korea-aligned group infamous for its cyberespionage and financial theft activities. The campaign was first coined in a blog post by ClearSky in August 2020, where it described Lazarus' attempts to target defense and aerospace | 3 |
Sapphire Sleet is a possible alias for Lazarus Group. Sapphire Sleet is a North Korea-linked Advanced Persistent Threat (APT) group known for its malicious activities. As a threat actor, Sapphire Sleet has been identified as the entity behind the execution of actions with harmful intent. The group's operations are sophisticated and persistent, targetin | 2 |
Stardust Chollima is a possible alias for Lazarus Group. Stardust Chollima is a recognized threat actor in the cybersecurity industry, primarily known for its malicious activities aimed at acquiring funds. This group has been linked to various high-profile cyber-attacks and fraudulent activities since 2015. Stardust Chollima has been associated with the f | 2 |
Emerald Sleet is a possible alias for Lazarus Group. Emerald Sleet, a threat actor associated with North Korea, has been identified as a significant player in cyber espionage. This group is known for its sophisticated use of artificial intelligence and machine learning models (LLMs), leveraging them to enhance spear-phishing campaigns, research public | 2 |
Guardians of Peace is a possible alias for Lazarus Group. The Guardians of Peace, a threat actor with alleged ties to North Korea, came to prominence in 2014 following a massive cyberattack on Sony Pictures Entertainment. The group, also known as the Lazarus Group or the Whois Team, infiltrated Sony's systems and leaked sensitive data, including private de | 2 |
temp.hermit is a possible alias for Lazarus Group. Temp.Hermit, also known as Selective Pisces or Diamond Sleet, is a cyber threat actor linked to North Korea. This group has been active since 2013 and targets governments, defense, telecommunications, and financial services sectors with cyberespionage operations. Temp.Hermit's activities often overl | 2 |
Apt43 is a possible alias for Lazarus Group. APT43, also known as Kimsuky, is a North Korean Advanced Persistent Threat (APT) group that has been active since at least 2013. The group is known for its intelligence collection activities and using cybercrime to fund espionage. It has been linked to several aliases including Springtail, ARCHIPELA | 2 |
Unc4736 is a possible alias for Lazarus Group. UNC4736, a threat actor suspected to have North Korean connections, has been implicated in a series of cybersecurity breaches. The group gained initial access to the 3CX environment when an employee downloaded a financial trading package named X_TRADER from Trading Technologies' website. Unbeknownst | 2 |
TA444 is a possible alias for Lazarus Group. TA444, also known as BlueNoroff, APT28, Nickel Gladstone, Sapphire Sleet, Stardust Chollima, and other monikers, is a prolific North Korean state-backed threat actor known for its malicious cyber activities. The group has been continuously generating proprietary malware, distinguishing it from other | 2 |
Alias Description | Association Type | Votes |
---|---|---|
The Quiterat Malware is associated with Lazarus Group. QuiteRAT is a new type of malware associated with the North Korea-linked Lazarus Group, known for their use of custom malware. Built using the Qt framework, QuiteRAT is smaller in size compared to MagicRAT, another malware linked to the group, due to its incorporation of fewer Qt libraries and lack | Unspecified | 4 |
The Kandykorn Malware is associated with Lazarus Group. KandyKorn is a type of malware, first discovered in 2023, that targets macOS systems. Developed by the Lazarus hacking group, this malicious software specifically aims at blockchain engineers. The known infection process begins with social engineering tactics, tricking the victim into downloading a | Unspecified | 4 |
The WannaCry Malware is associated with Lazarus Group. WannaCry is a notorious malware that gained global attention in 2017 when it was responsible for the biggest ransomware attack to date. The malware, designed to exploit and damage computer systems, infects systems through suspicious downloads, emails, or websites. Once inside a system, WannaCry can | Unspecified | 4 |
The Magicrat Malware is associated with Lazarus Group. MagicRAT is a type of malware, first observed by Cisco Talos in 2022, that was used by the Lazarus Group to exploit vulnerabilities in publicly exposed VMWare Horizon platforms, primarily targeting energy companies worldwide. This malicious software, which can infiltrate systems through suspicious d | Unspecified | 4 |
The AppleJeus Malware is associated with Lazarus Group. AppleJeus is a malware attributed with medium confidence to the North Korea-linked APT group "Gleaming Pisces," also known as Citrine Sleet, by researchers at Palo Alto's Unit 42. The group has been notorious for distributing versions of AppleJeus malware disguised as legitimate cryptocurrency tradi | Unspecified | 3 |
The Dtrack Malware is associated with Lazarus Group. DTrack is a malicious software (malware) known for its data theft capabilities. It was first associated with North Korean threat groups and has been used in numerous cyber attacks globally. The malware infiltrates systems through suspicious downloads, emails, or websites, and once inside, it collect | Unspecified | 3 |
The Earlyrat Malware is associated with Lazarus Group. EarlyRat is a previously undocumented malware discovered by Kaspersky researchers in June. The North Korea-linked Advanced Persistent Threat (APT) group Andariel used EarlyRat in attacks exploiting the Log4j Log4Shell vulnerability last year. The malware was first noticed in one of the Log4j cases, | Unspecified | 3 |
The Collectionrat Malware is associated with Lazarus Group. CollectionRAT is a malicious software (malware) first identified in a Cisco Talos report in 2023, with samples dating as far back as 2021. This Windows-based Remote Access Trojan (RAT) is believed to be connected to the Jupiter/EarlyRAT malware family, which has previously been linked to a Lazarus s | Unspecified | 3 |
The Lightlesscan Malware is associated with Lazarus Group. LightlessCan is a new and advanced malware, discovered by ESET, that has been added to North Korea's Lazarus group's arsenal. The malware is a successor to the group's flagship HTTP(S) Lazarus Remote Access Trojan (RAT) named BlindingCan. LightlessCan represents a significant advancement in maliciou | Unspecified | 3 |
The Spectralblur Malware is associated with Lazarus Group. SpectralBlur is a newly detected malware, identified as a macOS backdoor, that has been making headlines since the start of 2024. It was first spotted by cybersecurity experts who have tentatively attributed its creation and deployment to the Bluenoroff group. This malicious software, like others of | Unspecified | 2 |
The Rustbucket Malware is associated with Lazarus Group. RustBucket is a malicious software (malware) specifically targeting macOS systems, first reported in 2023 and attributed to the North Korea-linked threat actor group, BlueNoroff. This malware was initially uncovered in 2021 as part of the RustBucket campaign and has since evolved into multiple varia | Unspecified | 2 |
The Gopuram Malware is associated with Lazarus Group. Gopuram is a malicious software or malware that infiltrates systems to exploit and cause damage. It has been known to infect systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold | Unspecified | 2 |
Alias Description | Association Type | Votes |
---|---|---|
The Technical Reconnaissance Bureau Threat Actor is associated with Lazarus Group. The Technical Reconnaissance Bureau (TRB), also known as the Fourteenth Bureau, is a North Korea-based threat actor that leads the Democratic People's Republic of Korea's (DPRK) development of offensive cyber tactics and tools. The TRB conducts mail inspection, telecommunications inspection and cont | Unspecified | 4 |
The Bluenoroff Threat Actor is associated with Lazarus Group. BlueNoroff, a threat actor group linked to North Korea, has been identified as the malicious entity behind several high-profile cyber-attacks. Since first making headlines with an attack on Sony Pictures in 2014, BlueNoroff and its parent group Lazarus have been involved in numerous notorious securi | is related to | 4 |
The APT37 Threat Actor is associated with Lazarus Group. APT37, also known as RedAnt, RedEyes, ScarCruft, and Group123, is a threat actor suspected to be backed by North Korea. It has been active since at least 2012, primarily targeting South Korea across various industry verticals such as chemicals, electronics, manufacturing, aerospace, automotive, and | Unspecified | 3 |
The Onyx Sleet Threat Actor is associated with Lazarus Group. Onyx Sleet, also known as Andariel, Silent Chollima, and Stonefly, is a North Korean state-sponsored cyber group under the RGB 3rd Bureau. This threat actor utilizes an array of malware to gather intelligence for North Korea, primarily conducting cyberespionage, but also engaging in ransomware activ | Unspecified | 3 |
The sinbad.io Threat Actor is associated with Lazarus Group. Sinbad.io, a threat actor identified as a popular money-laundering outlet for state-sponsored crypto thieves, emerged as a significant player in the cybercrime landscape over the past few years. Following U.S. sanctions on Tornado Cash, a previously favored service by North Korean hackers to obfusca | Unspecified | 3 |
The ScarCruft Threat Actor is associated with Lazarus Group. ScarCruft, also known as APT37, Inky Squid, RedEyes, Reaper, or Group123, is a North Korean state-sponsored threat actor known for targeting high-value individuals and organizations to further North Korea's geopolitical objectives. This group has shown its agility in adopting new malware delivery me | Unspecified | 2 |
The Wicked Panda Threat Actor is associated with Lazarus Group. Wicked Panda, also known as APT41, Double Dragon, and Brass Typhoon, is a prominent threat actor in the cybersecurity landscape. This China state-sponsored group has been identified as one of the top threat actors by the Department of Health and Human Services' Health Sector Cybersecurity Coordinati | Unspecified | 2 |
The Thallium Threat Actor is associated with Lazarus Group. Thallium, also known as Kimsuky, APT43, Velvet Chollima, and Black Banshee, is a significant threat actor that has been active since at least 2012. This group, believed to be operating on behalf of the North Korean regime, conducts intelligence collection and uses cybercrime to fund espionage activi | Unspecified | 2 |
The APT41 Threat Actor is associated with Lazarus Group. APT41, also known as Winnti, is a threat actor suspected to be originating from China, with its activities dating back to as early as 2012. It has targeted organizations in at least 14 countries and has been associated with the use of at least 46 different code families and tools. The group's activi | Unspecified | 2 |
The Reconnaissance General Bureau Threat Actor is associated with Lazarus Group. The Reconnaissance General Bureau (RGB) is a North Korean intelligence agency known for its clandestine operations abroad. Its cyber activities, believed to be coordinated by the secretive organization, have been linked to various threat actors since at least 2014. Notable entities include the Beagl | Unspecified | 2 |
The APT28 Threat Actor is associated with Lazarus Group. APT28, also known as Fancy Bear, Pawn Storm, Sofacy Group, Sednit, and STRONTIUM, is a threat actor linked to Russia. The group has been associated with cyber espionage campaigns across Central Asia and has historically targeted areas of national security, military operations, and geopolitical influ | Unspecified | 2 |
The Double Dragon Threat Actor is associated with Lazarus Group. Double Dragon, also known as APT41, Winnti, or Barium, is a prominent Advanced Persistent Threat (APT) group believed to have originated from China. As a threat actor, Double Dragon represents a human entity with the intent to execute actions of a malicious nature. The group has been identified by t | Unspecified | 2 |
The APT33 Threat Actor is associated with Lazarus Group. APT33, also known as Peach Sandstorm, is an Iran-linked threat actor associated with the Iranian Islamic Revolutionary Guard Corps (IRGC). This group has targeted communication equipment, government agencies, and the oil-and-gas industry in the United Arab Emirates and the United States, primarily f | Unspecified | 2 |
The Rgb Threat Actor is associated with Lazarus Group. RGB is a notorious threat actor, primarily associated with North Korea's Reconnaissance General Bureau (RGB), a military intelligence agency. This organization falls under the General Staff Bureau of the DPRK Korean People's Army and has been linked to numerous cyber-attacks against international en | Unspecified | 2 |
Alias Description | Association Type | Votes |
---|---|---|
The Log4Shell Vulnerability is associated with Lazarus Group. Log4Shell is a significant software vulnerability (CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105) that exists in the Log4j Java-based logging utility. It was exploited by various Advanced Persistent Threat (APT) actors, including LockBit affiliates and GOLD MELODY (UNC961), to gain unauthorized | Unspecified | 4 |
The CVE-2023-42793 Vulnerability is associated with Lazarus Group. CVE-2023-42793 is a critical security vulnerability identified in JetBrains TeamCity build management and continuous integration server. This flaw, characterized by an authentication bypass, was exploited by multiple threat actors throughout 2023 and into 2024. The first notable exploitation occurre | Unspecified | 3 |
Preview | Source Link | CreatedAt | Title |
---|---|---|---|
Securelist | 19 hours ago | ||
Securelist | 24 days ago | ||
CERT-EU | a year ago | ||
DARKReading | a month ago | ||
BankInfoSecurity | 2 months ago | ||
Checkpoint | 2 months ago | ||
DARKReading | 2 months ago | ||
Flashpoint | 2 months ago | ||
Securityaffairs | 2 months ago | ||
BankInfoSecurity | 2 months ago | ||
DARKReading | 3 months ago | ||
Checkpoint | 3 months ago | ||
Checkpoint | 3 months ago | ||
InfoSecurity-magazine | 3 months ago | ||
Unit42 | 3 months ago | ||
BankInfoSecurity | 4 months ago | ||
BankInfoSecurity | 4 months ago | ||
Securityaffairs | 4 months ago | ||
DARKReading | 4 months ago | ||
Securityaffairs | 4 months ago |