Stardust Chollima

Threat Actor updated 5 months ago (2024-05-04T20:05:59.274Z)
Stardust Chollima is a threat actor recognized in the cybersecurity industry primarily for financially motivated operations. The group has been linked to high-profile cyber-attacks and fraud since 2015, including the fraudulent abuse of compromised bank-operated SWIFT system endpoints, the FASTCash ATM cash-outs reported in October 2018, and significant cryptocurrency thefts. It is tracked under different names by different cybersecurity firms, including APT38 by FireEye, Bluenoroff by Kaspersky, Lazarus Group by ESTSecurity, and BeagleBoyz, among others.

The group's operational framework appears to be complex and potentially interconnected with other DPRK adversaries such as Labyrinth Chollima, Ricochet Chollima, and Silent Chollima; however, it remains unclear whether elements of the TwoPence framework used by Stardust Chollima are shared among these groups. In August, the group was reported to have debuted the SpectralBlur malware, according to Proofpoint threat researcher Greg Lesnewich. There is also a technical overlap between the WannaCry ransomware, which began self-propagating in May 2017, and both Stardust Chollima and Labyrinth Chollima. Despite this degree of operational overlap with other groups, no direct link has been identified between Stardust Chollima and Silent Chollima, another threat actor engaged in revenue generation; each of the two groups uses its own distinct tools and infrastructure.

The cybersecurity industry continues to monitor these threat actors closely, and organizations are advised to incorporate intelligence on these groups into their security strategies. Cybersecurity firm CrowdStrike offers resources on how to integrate this information into an effective defense plan.
Description last updated: 2024-05-04T18:06:17.239Z
Possible Aliases / Cluster overlaps
Cluster overlaps and naming conventions are hard to track across vendors, so the following are possible overlapping names and profiles that may also be worth reviewing.
Alias (votes): Description

APT38 (3 votes): APT38 is a possible alias for Stardust Chollima. APT38, a threat actor suspected to be backed by the North Korean regime, has been responsible for some of the largest cyber heists observed to date. The group has conducted operations in over 16 organizations across at least 11 countries, primarily targeting financial institutions worldwide. Despite

Lazarus Group (2 votes): Lazarus Group is a possible alias for Stardust Chollima. The Lazarus Group, a notorious threat actor attributed to North Korea, has been implicated in a series of high-profile cyberattacks and illicit activities. The group is known for its sophisticated operations, including Operation DreamJob, which targeted Spain with a high level of confidence. Over th

Bluenoroff (2 votes): Bluenoroff is a possible alias for Stardust Chollima. BlueNoroff, a threat actor closely associated with the Lazarus hacking group, has been identified as a significant cybersecurity risk. Known for their financially motivated attacks, BlueNoroff targets banks, casinos, fintech companies, POST software and cryptocurrency businesses, and ATMs. They have