temp.hermit

Threat Actor Profile (updated 2 months ago)
Temp.Hermit, also known as Lazarus Group or Hidden Cobra, is a threat actor group associated with North Korea's Reconnaissance General Bureau (RGB). The group has been operational since 2013 and is known for its cyberespionage activities targeting governments and sectors such as defense, telecommunications, and financial services. Temp.Hermit is considered a distinct subset of North Korean-aligned hacking groups, despite the overlap in tooling and tactics, due to its focus on intelligence collection. Various sub-groups operate under Temp.Hermit, each responsible for specific tasks. In October 2023, Temp.Hermit was found to be continuing its Operation Dream Job campaign, which involved new intrusions leveraging trojanized Virtual Network Computing apps targeted at defense industry and nuclear engineers. This operation demonstrated the group's size and priorities, aligning with the DPRK’s RGB. Temp.Hermit's activities are tracked by Mandiant as UNC2970, but also map to UNC577. Another nascent threat cluster tracked as UNC4034 is also part of this activity set. Temp.Hermit's modus operandi includes the use of specially crafted LinkedIn accounts based on legitimate users. These accounts are well-designed and professionally curated to mimic the identities of the legitimate users, aiming to build rapport and increase the likelihood of conversation and interaction. This approach exemplifies the sophisticated and deceptive tactics employed by Temp.Hermit, further emphasizing the significant threat it poses to global cybersecurity.
Possible Aliases / Cluster overlaps
Tracking cluster overlaps and naming conventions across vendors is difficult, so the following are possible overlapping names and profiles that may also be relevant.
ID | Votes | Profile Description
Lazarus Group | 2 | The Lazarus Group, a threat actor attributed to North Korea, is renowned for its notorious cyber-exploitation activities. The group has been linked to various high-profile cyber-attacks, including the largest decentralized finance exploit in history, the Ronin exploit of March 2022. This attack led
Unc2970 | 1 | UNC2970, a North Korean threat actor also known as TEMP.Hermit and tracked under the broader Lazarus umbrella, has been identified by Mandiant as conducting an extensive spear-phishing campaign since June 2022. The group targets U.S. and European media and technology organizations, primarily through
Unc577 | 1 | None
Diamond Sleet | 1 | Diamond Sleet is a threat actor group associated with North Korea that has been implicated in a series of advanced persistent threat (APT) supply chain attacks. These attacks have notably relied on the exploitation of CyberLink software, a popular multimedia application suite. The cybersecurity indu
Labyrinth Chollima | 1 | Labyrinth Chollima, a threat actor linked to North Korea, has been involved in numerous malicious activities since 2009. Tracked by CrowdStrike and other cybersecurity organizations, Labyrinth Chollima is part of the Lazarus Group, known for stealthy attacks targeting various industries such as acad
Unc4034 | 1 | None
HIDDEN COBRA | 1 | Hidden Cobra, also known as the Lazarus Group and Sapphire Sleet, is a North Korean cyberespionage group that has been active since at least 2009. The U.S. Government uses the term Hidden Cobra to refer to malicious cyber activities by the North Korean government, with the BeagleBoyz representing a
Miscellaneous Associations
Other elements of context that could aid in assessing relevance:
Reconnaissance, Mandiant, Espionage, Ransomware, Operation Dr..., Korean
Associated Malware
ID | Type | Votes | Profile Description
WannaCry | Unspecified | 1 | WannaCry is a type of malware, specifically ransomware, that caused significant global disruption in 2017. It exploited Windows SMBv1 Remote Code Execution Vulnerabilities (CVE-2017-0144, CVE-2017-0145, CVE-2017-0143), which allowed it to spread rapidly and infect over 200,000 machines across more t
Associated Threat Actors
ID | Type | Votes | Profile Description
Rgb | Unspecified | 2 | RGB, a threat actor with ties to North Korea, has been involved in a range of malicious cyber activities. The group was designated by the Office of Foreign Assets Control (OFAC) on January 2, 2015, under Executive Order 13687 for being a controlled entity of the North Korean government. In addition
Andariel | Unspecified | 2 | Andariel, a notorious threat actor associated with the Lazarus Group and linked to North Korea, is known for its malicious cyber activities. The group has been identified using DTrack malware and Maui ransomware, notably in mid-2022, and has developed a reputation for exploiting ActiveX objects. Res
Covellite | Unspecified | 1 | None
APT38 | Unspecified | 1 | APT38, also known as TA444, BlueNoroff, BlackAlicanto, Coperenicum, Sapphire Sleet, Stardust Chollima, and TraderTraitor, is a threat actor group suspected to be backed by the North Korean regime. The group has been active in operations across over 16 organizations in at least 11 countries, primaril
Kimsuky | Unspecified | 1 | Kimsuky is a North Korea-linked advanced persistent threat (APT) group that conducts global cyber-attacks to gather intelligence for the North Korean government. The group has been identified as a significant threat actor, executing actions with malicious intent, and has recently targeted victims vi
Reconnaissance General Bureau | Unspecified | 1 | The Reconnaissance General Bureau (RGB) is a North Korean intelligence agency responsible for clandestine operations abroad, including cyber activities. The RGB has been associated with several threat actors, including the BeagleBoyz, who have likely been active since at least 2014. Other groups lin
Reconnaissance General Bureau Rgb | Unspecified | 1 | The Reconnaissance General Bureau (RGB) is a North Korean military intelligence agency identified as a threat actor responsible for various cyberattacks. RGB is associated with hacking groups known as the "Lazarus Group," "Bluenoroff," and "Andariel," which are recognized as agencies or controlled e
Bluenoroff | Unspecified | 1 | BlueNoroff, a threat actor closely associated with the notorious Lazarus Group, has been actively involved in malicious cyber activities primarily targeting financial institutions and cryptocurrency businesses. Known for its sophisticated attacks on banks, casinos, fintech companies, POST software,
Associated Vulnerabilities
ID | Type | Votes | Profile Description
CVE-2023-42793 | Unspecified | 1 | CVE-2023-42793 is a critical security vulnerability identified in JetBrains TeamCity build management and continuous integration server. This flaw, characterized by an authentication bypass, was exploited by multiple threat actors throughout 2023 and into 2024. The first notable exploitation occurre
Source Document References
Information about the temp.hermit threat actor was read from the document corpus below. This display is limited to 20 results.
Source | Created At | Title
CERT-EU | 8 months ago | New North Korean supply chain attack spreads via malicious CyberLink app
CERT-EU | 8 months ago | N. Korean Hackers Distribute Trojanized CyberLink Software in Supply Chain Attack
CERT-EU | 8 months ago | Diamond Sleet supply chain compromise distributes a modified CyberLink installer | Microsoft Security Blog
CERT-EU | 9 months ago | Trojanized VNC apps leveraged in defense-targeted Lazarus Group attacks
CERT-EU | 9 months ago | Lazarus Group Targeting Defense Experts with Fake Interviews via Trojanized VNC Apps
DARKReading | 9 months ago | North Korea's State-Sponsored APTs Organize & Align
CERT-EU | a year ago | North Korean hackers used polished LinkedIn profiles to target security researchers | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker – National Cyber Security Consulting
CERT-EU | a year ago | North Korean hackers used polished LinkedIn profiles to target security researchers
CERT-EU | 10 months ago | Connect the Dots on State-Sponsored Cyber Incidents - Lazarus Group
BankInfoSecurity | 9 months ago | Researchers: North Korean Hackers Gain Speed, Flexibility
CERT-EU | a year ago | North Korean UNC2970 Hackers Expands Operations with New Malware Families
CERT-EU | a year ago | North Korean APT43 Group Uses Cybercrime to Fund Espionage Operations | #cybercrime | #infosec – National Cyber Security Consulting