Silent Chollima

Threat Actor updated a month ago (2024-10-17T13:00:56.642Z)

Download STIX

Preview STIX

Silent Chollima, also known as Stonefly or APT45, is a threat actor with links to North Korea's foreign intelligence agency, the 3rd Bureau of the Foreign Intelligence and Reconnaissance General Bureau. The group has been active since at least 2015, when it began shifting its objectives. Silent Chollima is associated with various cyber-espionage and destructive operations, including those attributed to sub-groups within the Lazarus umbrella such as Andariel (aka Onyx Sleet) and Diamond Sleet (aka Labyrinth Chollima). The group's mission appears to have evolved over time, with early operations demonstrating both destructive and espionage components. The threat actor has predominantly targeted Japan due to its proximity to North Korea and the geopolitical tensions in the region. Japanese organizations are seen as opportune targets for Silent Chollima to carry out their objectives. Furthermore, the group has been implicated in financially motivated cyberattacks against U.S. organizations, continuing these activities despite recent indictments from the U.S. Department of Justice. Recently, Silent Chollima has been associated with the exploitation of the CVE-2023-42793 vulnerability, which has a CVSS score of 9.8. This indicates a definitive shift in the group's tactics, suggesting that they are adapting and evolving their methods to achieve their goals. It remains unclear whether the TwoPence framework is used exclusively by related DPRK adversaries like Stardust Chollima, or if elements of it are shared among other related groups such as Labyrinth Chollima, Ricochet Chollima, or Silent Chollima.

Description last updated: 2024-10-17T12:35:11.757Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
Stonefly is a possible alias for Silent Chollima. Stonefly, also known as Andariel, Silent Chollima, Onyx Sleet, and APT45, is a threat actor group that has been active since at least 2015 and is believed to be linked to the North Korean government. The group has been involved in various attacks, including ransomware campaigns against Healthcare an	4
Andariel is a possible alias for Silent Chollima. Andariel, a threat actor controlled by North Korea's military intelligence agency, the Reconnaissance General Bureau, has been actively conducting cyber espionage and ransomware operations. The group funds its activities through ransomware attacks primarily targeting U.S. healthcare entities. In som	3
Labyrinth Chollima is a possible alias for Silent Chollima. Labyrinth Chollima, a threat actor linked to North Korea, has been active since 2009 and is known for conducting operations aimed at collecting political, military, and economic intelligence on North Korea’s foreign adversaries, as well as currency generation campaigns. This group, also known by var	2
Apt45 is a possible alias for Silent Chollima. APT45, also known as Andariel, Onyx Sleet, and Silent Chollima, is a North Korean threat actor associated with the Reconnaissance General Bureau, a military intelligence agency. This group has been operational since at least 2009, making it one of North Korea's longest-running cyber operators. Their	2

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Ransomware

Espionage

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Source Document References

Information about the Silent Chollima Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
BankInfoSecurity	2 months ago	Breach Roundup: AI 'Nudify' Sites Serve Malware
InfoSecurity-magazine	2 months ago	Stonefly Group Targets US Firms With New Malware Tools
CERT-EU	a year ago	Lazarus Group Using Log4j Exploits to Deploy Remote Access Trojans
CERT-EU	a year ago	Microsoft Warns of North Korean Attacks Exploiting JetBrains TeamCity Flaw
CERT-EU	a year ago	North Korean Hacker Group Andariel Strikes with New EarlyRat Malware
CERT-EU	a year ago	North Korean Hacker Group Andariel Strikes with New EarlyRat Malware – GIXtools
CrowdStrike	a year ago	Adversary Insights from Japan Front Lines \| CrowdStrike
MITRE	2 years ago	Adversary: Silent Chollima - Threat Actor \| Crowdstrike Adversary Universe
MITRE	2 years ago	STARDUST CHOLLIMA \| Threat Actor Profile \| CrowdStrike
CSO Online	2 years ago	APT groups use ransomware TTPs as cover for intelligence gathering and sabotage
Malwarebytes	2 years ago	CISA issues alert with South Korean government about DPRK's ransomware antics
CERT-EU	2 years ago	APT trends report Q1 2023
CERT-EU	2 years ago	APT trends report Q1 2023 - GIXtools