Silent Chollima

Threat Actor updated 23 days ago (2024-11-29T13:59:13.236Z)
Download STIX
Preview STIX
Silent Chollima, also known as Stonefly or APT45, is a threat actor with links to North Korea's foreign intelligence agency, the 3rd Bureau of the Foreign Intelligence and Reconnaissance General Bureau. The group has been active since at least 2015, when it began shifting its objectives. Silent Chollima is associated with various cyber-espionage and destructive operations, including those attributed to sub-groups within the Lazarus umbrella such as Andariel (aka Onyx Sleet) and Diamond Sleet (aka Labyrinth Chollima). The group's mission appears to have evolved over time, with early operations demonstrating both destructive and espionage components. The threat actor has predominantly targeted Japan due to its proximity to North Korea and the geopolitical tensions in the region. Japanese organizations are seen as opportune targets for Silent Chollima to carry out their objectives. Furthermore, the group has been implicated in financially motivated cyberattacks against U.S. organizations, continuing these activities despite recent indictments from the U.S. Department of Justice. Recently, Silent Chollima has been associated with the exploitation of the CVE-2023-42793 vulnerability, which has a CVSS score of 9.8. This indicates a definitive shift in the group's tactics, suggesting that they are adapting and evolving their methods to achieve their goals. It remains unclear whether the TwoPence framework is used exclusively by related DPRK adversaries like Stardust Chollima, or if elements of it are shared among other related groups such as Labyrinth Chollima, Ricochet Chollima, or Silent Chollima.
Description last updated: 2024-10-17T12:35:11.757Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Stonefly is a possible alias for Silent Chollima. Stonefly, also known as Andariel, Silent Chollima, Onyx Sleet, and APT45, is a threat actor group that has been active since at least 2015 and is believed to be linked to the North Korean government. The group has been involved in various attacks, including ransomware campaigns against Healthcare an
4
Andariel is a possible alias for Silent Chollima. Andariel, a threat actor controlled by North Korea's military intelligence agency, the Reconnaissance General Bureau, has been actively conducting cyber espionage and ransomware operations. The group funds its activities through ransomware attacks primarily targeting U.S. healthcare entities. In som
3
Labyrinth Chollima is a possible alias for Silent Chollima. Labyrinth Chollima, a threat actor linked to North Korea, has been active since 2009 and is known for conducting operations aimed at collecting political, military, and economic intelligence on North Korea’s foreign adversaries, as well as currency generation campaigns. This group, also known by var
2
Apt45 is a possible alias for Silent Chollima. APT45, also known as Andariel, Onyx Sleet, and Silent Chollima, is a North Korean threat actor associated with the Reconnaissance General Bureau, a military intelligence agency. This group has been operational since at least 2009, making it one of North Korea's longest-running cyber operators. Their
2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Espionage
Ransomware
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Threat Actors
To see the evidence that has resulted in these threatActor associations, create a free account
Alias DescriptionAssociation TypeVotes
The threatActor Stonefly Group is associated with Silent Chollima. Unspecified
2