Plutonium

Threat Actor updated 14 days ago (2024-11-08T12:41:17.364Z)

Download STIX

Preview STIX

Plutonium, also known as Jumpy Pisces and Andariel, is a notable threat actor historically involved in cyberespionage, financial crime, and ransomware attacks. Recent reports have revealed that advanced persistent threats (APTs) backed by Plutonium have been breaching the Sellafield's IT systems, which holds the world's largest store of plutonium, since 2015. These breaches were allegedly consistently covered up by senior staff at the site, raising significant concerns about nuclear security and the potential misuse of radioactive materials. In parallel to these cybersecurity threats, the geopolitical landscape has seen heightened nuclear activity. The U.N. atomic agency and foreign experts recently reported that North Korea appears to have started operating a light-water reactor at its main nuclear complex, potentially securing a new source for weapons-grade plutonium. This development comes alongside claims that the country intends to ramp up production of plutonium and uranium, likely as a strategy to strengthen its negotiating position on the international stage. These developments underscore the complex challenges facing nuclear security. Loose regulatory environments, such as those documented by former Atomic Energy Commission (AEC) chairman Seaborg, can make tracking losses in the nuclear industry difficult. Meanwhile, threat actors like Plutonium exploit vulnerabilities in IT systems, posing further risks. As we move forward, it is crucial to address both physical and digital security gaps to prevent the misuse of nuclear material.

Description last updated: 2024-10-30T16:03:11.424Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
Andariel is a possible alias for Plutonium. Andariel, a threat actor controlled by North Korea's military intelligence agency, the Reconnaissance General Bureau, has been actively conducting cyber espionage and ransomware operations. The group funds its activities through ransomware attacks primarily targeting U.S. healthcare entities. In som	3
Onyx Sleet is a possible alias for Plutonium. Onyx Sleet, also known as Andariel, Silent Chollima, and Stonefly, is a North Korean state-sponsored cyber group under the RGB 3rd Bureau. This threat actor utilizes an array of malware to gather intelligence for North Korea, primarily conducting cyberespionage, but also engaging in ransomware activ	2
CVE-2023-42793 is a possible alias for Plutonium. CVE-2023-42793 is a critical security vulnerability identified in JetBrains TeamCity build management and continuous integration server. This flaw, characterized by an authentication bypass, was exploited by multiple threat actors throughout 2023 and into 2024. The first notable exploitation occurre	2

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Sellafield

Teamcity

Nuclear

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Threat Actors

To see the evidence that has resulted in these threatActor associations, create a free account

Alias Description	Association Type	Votes
The ZINC Threat Actor is associated with Plutonium. Zinc, also known as Diamond Sleet, is a North Korea-based threat actor group that has been active since 2009. This group is notorious for its cyber-attacks aimed at collecting political, military, and economic intelligence on North Korea's foreign adversaries, and executing currency generation campa	Unspecified	2

Source Document References

Information about the Plutonium Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
Unit42	23 days ago	Jumpy Pisces Engages in Play Ransomware
DARKReading	8 months ago	Sprawling Sellafield Nuclear Waste Site Prosecuted for Cybersecurity Failings
BankInfoSecurity	8 months ago	UK Nuclear Cleanup Site Faces Criminal Cybersecurity Charges
CERT-EU	a year ago	North Korea’s Kim vows to launch 3 more spy satellites and produce more nuclear materials in 2024
CERT-EU	a year ago	Kim Tells North Korea to Prepare for War He Says Is Inevitable
CERT-EU	a year ago	North Korea warns war inevitable, builds up spy satellites and nuclear arsenal
CERT-EU	a year ago	N. Korea’s new nuclear reactor likely fully operational next summer: Seoul
CERT-EU	a year ago	Techrights — Links 24/12/2023: Kangaroo Court Update and a Merry Christmas
DARKReading	a year ago	Global TeamCity Exploitation Opens Door to SolarWinds-Style Nightmare
InfoSecurity-magazine	a year ago	Sellafield Accused of Covering Up Major Cyber Breaches
CERT-EU	a year ago	Credit Union outages, Nuclear site breach \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting
CERT-EU	a year ago	Sellafield rubbishes allegations of covering up a major malware attack in 2015
CERT-EU	a year ago	British Nuclear Power Facility Attacked
CERT-EU	a year ago	Britain dismisses report claiming Sellafield nuclear site hacking, says no malware exists on our system \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker \| National Cyber Security Consulting
CERT-EU	a year ago	Cisco finally patches IOS XE after six days of zero day hits
CERT-EU	a year ago	North Korea ramps up intelligence-gathering cyberattacks
CERT-EU	a year ago	North Korean hackers exploit critical TeamCity flaw to breach networks
Malwarebytes	2 years ago	CISA issues alert with South Korean government about DPRK's ransomware antics
CERT-EU	a year ago	What Lies Beneath