NICKEL ACADEMY

Threat Actor Profile Updated 3 months ago
Nickel Academy is a threat actor also tracked as the Lazarus Group, a North Korean cyber threat group. In November 2017, the group launched a spearphishing campaign that used a job opening for a CFO role at a European-based cryptocurrency company as bait.

CTU researchers discovered this campaign and found several indicators pointing, with high confidence, to Nickel Academy's involvement. These included the copying and pasting of job descriptions from online recruitment sites seen in previous campaigns, and technical linkages to previous Nickel Academy malware and operations. The researchers also identified components of a custom command and control (C2) protocol that Nickel Academy had used in previous operations, and found elements in the macro and the first-stage Remote Access Trojan (RAT) that were shared with earlier campaigns of the NICKEL ACADEMY (Lazarus) group.

This spearphishing campaign is one example of the methods Nickel Academy uses to gain unauthorized access to sensitive information. Overall, Nickel Academy poses a significant threat to organizations globally, and its use of spearphishing campaigns and custom C2 protocols highlights its sophistication and advanced capabilities. Organizations should take proactive measures to protect themselves against these types of attacks, including implementing strong cybersecurity policies, conducting regular security awareness training for employees, and employing advanced threat detection technologies.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
RAT
Spearphishing
Associated Malware
No associations to display
Associated Threat Actors
ID | Type | Votes | Profile Description
NICKEL | Unspecified | 1 | Nickel is a notable threat actor, or malicious entity, that has been involved in significant cyber operations. Notably, Nickel targeted government organizations across Latin America and Europe, alongside other nation-state affiliated threat actors such as FIN6 and Emissary Panda. These groups focuse
Lazarus Group | Unspecified | 1 | The Lazarus Group, a notorious threat actor believed to be linked to North Korea, has been attributed with a series of significant cyber-attacks over the past few years. The group's malicious activities include the exploitation of digital infrastructure, stealing cryptocurrency, and executing large-
Associated Vulnerabilities
No associations to display
Source Document References
Information about the NICKEL ACADEMY Threat Actor was read from the documents corpus below.
Source | Created At | Title
MITRE | a year ago | Media Alert - Secureworks Discovers North Korean Cyber Threat Group, Lazarus, Spearphishing Financial Executives of Cryptocurrency Companies