Silent Chollima

Threat Actor updated 4 months ago (2024-05-05T04:17:35.785Z)
Silent Chollima is a North Korea-nexus threat actor attributed to the 3rd Bureau (Foreign Intelligence) of the Reconnaissance General Bureau, North Korea's foreign intelligence agency. The cluster overlaps with, or has been linked to, activity that other vendors track as Lazarus Group, APT38, and Andariel; the names Andariel, Stonefly, and Onyx Sleet are widely treated as aliases for the same cluster, which many vendors place as a subgroup under the Lazarus umbrella.

CrowdStrike observed Silent Chollima begin shifting its objectives in 2015. Prior to that shift its operations showed both destructive and espionage components, and CrowdStrike also noted an early attempt at revenue generation by Silent Chollima before it began tracking Stardust Chollima, another North Korea-nexus threat actor, as a separate adversary. Japanese organizations have been targeted, which CrowdStrike attributes to Japan's proximity to North Korea and the geopolitical tensions in the region.

It remains unclear whether the TwoPence framework is used exclusively by Stardust Chollima, or whether elements of it are shared with related DPRK adversaries such as Labyrinth Chollima, Ricochet Chollima, or Silent Chollima. That open question aside, Silent Chollima relies on its own tools and infrastructure, and no overlap with Stardust Chollima has been identified, which suggests the two operate as distinct units with distinct operational strategies.

The most recent attacks linked to Silent Chollima exploited CVE-2023-42793, a critical authentication bypass in JetBrains TeamCity rated CVSS 9.8. Microsoft attributed that activity to Diamond Sleet (aka Labyrinth Chollima) and Onyx Sleet (aka Andariel or Silent Chollima).
Description last updated: 2024-05-05T03:54:05.259Z
Possible Aliases / Cluster overlaps
Cluster overlaps and naming conventions are hard to track across vendors, so the following overlapping names and profiles (with community vote counts) may also be worth reviewing.
Andariel (3 votes): Andariel, a state-backed threat group linked to North Korea's Reconnaissance General Bureau, has been identified as a significant cyber threat. The group has demonstrated its capabilities by compromising critical national infrastructure organizations, accessing classified technical information and i

Labyrinth Chollima (2 votes): Labyrinth Chollima, a threat actor linked to North Korea, has been active since 2009 and is known for conducting operations aimed at collecting political, military, and economic intelligence on North Korea's foreign adversaries, as well as currency generation campaigns. This group, also known by var

Stonefly (2 votes): The Andariel APT (also known as Stonefly, Silent Chollima, and Onyx Sleet) is a threat actor believed to be associated with the North Korean government. Active since at least 2015, it has been implicated in several cyber attacks, notably using ransomware campaigns to target US Healthcare and Public
Miscellaneous Associations
Other elements of context that could aid in assessing relevance: Ransomware, Espionage
Source Document References
Information about the Silent Chollima threat actor was read from the documents listed below.
Source | Created | Title
CERT-EU | 9 months ago | Lazarus Group Using Log4j Exploits to Deploy Remote Access Trojans
CERT-EU | a year ago | Microsoft Warns of North Korean Attacks Exploiting JetBrains TeamCity Flaw
CERT-EU | a year ago | North Korean Hacker Group Andariel Strikes with New EarlyRat Malware
CERT-EU | a year ago | North Korean Hacker Group Andariel Strikes with New EarlyRat Malware – GIXtools
CrowdStrike | a year ago | Adversary Insights from Japan Front Lines | CrowdStrike
MITRE | 2 years ago | Adversary: Silent Chollima - Threat Actor | Crowdstrike Adversary Universe
MITRE | 2 years ago | STARDUST CHOLLIMA | Threat Actor Profile | CrowdStrike
CSO Online | 2 years ago | APT groups use ransomware TTPs as cover for intelligence gathering and sabotage
Malwarebytes | 2 years ago | CISA issues alert with South Korean government about DPRK's ransomware antics
CERT-EU | a year ago | APT trends report Q1 2023
CERT-EU | a year ago | APT trends report Q1 2023 - GIXtools