Ricochet Chollima

Ricochet Chollima (also known as APT 37, Reaper, and ScarCruft) is a North Korean state backed hacker group that is believed to have been created sometime before 2016 (probably around 2012^[1]) and is typically involved in operations against financial institutions to generate assets for North Korea, but also conducts attacks on the industrial sector in other countries. CrowdStrike has stated that the group mainly attacks a variety of South Korean organizations and individuals, including academics, journalists, and North Korean defectors. But also stated the group has also engaged in attacks against Japan, Vietnam, Hong Kong, the Middle East, Russia, and the United States.^[2]^[3]^[4] FireEye has called the group "the overlooked North Korean threat actor."^[1]

History

The group is believed to have been founded sometime around 2012, according to FireEye.^[1]

In January 2021 the group was found to be using a Trojan horse for a spear-phishing campaign that targeted the South Korean government.^[5]^[6]

NPO Mashinostroyeniya, a Russian ballistic missile manufacturer was allegedly hacked by the group in 2023, as discovered by SentinelOne.^[7]^[8]

References

^ ^a ^b ^c Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
^ Reuters. (7 August 2023). "North Korean cyber group hacked top Russian missile makers". Jerusalem Post website Retrieved 7 August 2023.
^ SentinelOne. (7 August 2023). "Comrades in Arms? | North Korea Compromises Sanctioned Russian Missile Engineering Company". [1] Retrieved 7 August 2023.

This North Korea-related article is a stub. You can help Wikipedia by expanding it.

[fireeye-1] Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).

[2] Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).

[3] Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).

[4] Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).

[5] Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).

[6] Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).

[7] Reuters. (7 August 2023). "North Korean cyber group hacked top Russian missile makers". Jerusalem Post website Retrieved 7 August 2023.

[8] SentinelOne. (7 August 2023). "Comrades in Arms? | North Korea Compromises Sanctioned Russian Missile Engineering Company". [1] Retrieved 7 August 2023.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

Ricochet Chollima

History

See also

References

Navigation menu

Ricochet Chollima

History

See also

References

Navigation menu

Search