- Original Labyrinth Chollima continues espionage against the military, government and nuclear sectors
- Golden Chollima targets fintech companies worldwide to steal cryptocurrency
- Pressure Chollima attacks centralized exchanges, behind record crypto thefts
One of the largest and most successful North Korean state-sponsored threat actors is divided into three separate entities, each with its own tactics, malware tools, targets and goals, experts have warned.
In a recent in-depth analysis, CrowdStrike researchers explained that the move is a strategic development to make Labyrinth Chollima cyber attacks more effective and that the newly formed teams will continue to work together.
“LABYRINTH CHOLLIMA’s segmentation into specialized operational units represents a strategic development that enhances the DPRK regime’s ability to simultaneously pursue multiple objectives,” the researchers explained.
Fake jobs and fake employees
The three groups are now tracked as Labyrinth Chollima, Golden Chollima and Pressure Chollima.
Labyrinth Chollima is mostly tasked with cyberespionage and intelligence gathering. Its targets include military and defense, government, logistics and nuclear organizations located primarily in the US, Europe and South Korea.
Golden Chollima will focus on small fintech companies in the US, Canada, South Korea, India and Western Europe, with the goal of cryptocurrency theft.
Pressure Chollima has a similar mission (to steal cryptocurrency), but unlike its partners from Golden Chollima, it focuses on centralized exchanges and technology companies in the West.
“PRESSURE CHOLLIMA carried out the DPRK’s highest-profile cryptocurrency heists, including the two largest cryptocurrency heists ever,” CrowdStrike said. “Public reporting links additional high-value thefts ranging from $52 million USD to $120 million USD to PRESSURE CHOLLIMA based on recycled cryptocurrency wallets.”
North Korean hackers are known to attack crypto companies and use the stolen tokens to fund their state apparatus and nuclear weapons programs. CrowdStrike believes that the goals have not changed and that, despite improved trade relations with Russia, North Korea still “requires additional revenue to fund ambitious military plans that include the construction of new destroyers, the construction of nuclear-powered submarines and the launch of additional reconnaissance satellites.”
These groups, along with the dreaded Lazarus Group, often create fake jobs on LinkedIn, as well as fake job applicants, to target tech companies and professionals, installing backdoors and info stealers.



