temp.hermit

Threat Actor updated a month ago (2024-09-10T04:18:23.393Z)
Temp.Hermit, also known as Selective Pisces or Diamond Sleet, is a cyber threat actor linked to North Korea. This group has been active since 2013 and targets governments, defense, telecommunications, and financial services sectors with cyberespionage operations. Temp.Hermit's activities often overlap with other North Korean-aligned hacking groups like Lazarus Group (also known as APT38) and Labyrinth Chollima. In addition to these, several other threat groups are aligned with North Korea's Reconnaissance General Bureau (RGB), including Kimsuky (tracked as APT43 by Mandiant) and Andariel, which is often linked to ransomware activities.

In October 2023, the Lazarus Group, also referred to as Temp.Hermit or Hidden Cobra, continued its Operation Dream Job campaign, targeting defense industry and nuclear engineers with trojanized Virtual Network Computing apps. The group's activities—tracked as UNC2970 or Temp.Hermit by Mandiant and included under the broader Lazarus umbrella by others—utilize specially crafted LinkedIn accounts based on legitimate users. These accounts are professionally curated to mimic the identities of legitimate users to build rapport and increase the likelihood of conversation and interaction.

Despite the widespread overlap of tooling and tactics across North Korean-aligned hacking groups, Mandiant considers Temp.Hermit to be a distinct subset of activity under the control of North Korea's Reconnaissance General Bureau, focused on intelligence collection. This indicates the size and priorities of this actor, which publicly aligns with the DPRK's Reconnaissance General Bureau. With the constant evolution of their tactics and the use of sophisticated methods, Temp.Hermit continues to pose a significant cybersecurity threat.
Description last updated: 2024-09-10T03:18:30.144Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias Description | Votes
Lazarus Group is a possible alias for temp.hermit. The Lazarus Group, a notorious threat actor attributed to North Korea, has been implicated in a series of high-profile cyberattacks and illicit activities. The group is known for its sophisticated operations, including Operation DreamJob, which targeted Spain with a high level of confidence. Over th | 2
Diamond Sleet is a possible alias for temp.hermit. Diamond Sleet, a threat actor linked to North Korea, has been identified as a significant cybersecurity concern. This group, also known as Selective Pisces, has targeted various sectors including media, defense, and IT organizations. The advanced persistent threat (APT) group is known for its supply | 2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Threat Actors
Alias Description | Association Type | Votes
The RGB Threat Actor is associated with temp.hermit. RGB is a threat actor group, part of North Korea's Reconnaissance General Bureau (RGB), a military intelligence agency under the General Staff Bureau of the Korean People's Army. Over the years, the RGB has revealed at least six threat groups, including Andariel, also known as Onyx Sleet, formerly P | Unspecified | 2
The Andariel Threat Actor is associated with temp.hermit. Andariel, also known as Jumpy Pisces, is a threat actor group primarily associated with cyberespionage and ransomware activities. The group has been linked to North Korea's Reconnaissance General Bureau and other APT groups such as Kimsuky and Onyx Sleet. Andariel has been noted for its aggressive t | Unspecified | 2
Source Document References
Information about the temp.hermit Threat Actor was read from the documents corpus below.