- Original Labyrinth Chollima continues espionage against the military, government and nuclear sectors
- Golden Chollima targets fintech companies around the world to steal cryptocurrencies
- Pressure Chollima attacks centralized exchanges, behind record cryptocurrency heists
One of North Korea’s largest and most successful state-sponsored threat actors has split into three separate entities, each with its own tactics, malicious tools, targets and objectives, experts have warned.
In a recent in-depth analysis, CrowdStrike researchers explained that this was a strategic development aimed at making Labyrinth Chollima cyberattacks more effective and that the newly formed teams would continue to work together.
“The segmentation of LABYRINTH CHOLLIMA into specialized operational units represents a strategic development that strengthens the DPRK regime’s ability to pursue multiple objectives simultaneously,” the researchers explained.
Fake jobs and fake employees
The three groups are now tracked under the names Labyrinth Chollima, Golden Chollima and Pressure Chollima.
Labyrinth Chollima “OG” is primarily responsible for cyberespionage and intelligence gathering. Its targets include military and defense, government, logistics and nuclear organizations, located primarily in the United States, Europe and South Korea.
Golden Chollima will focus on small fintech companies in the United States, Canada, South Korea, India and Western Europe, with the aim of stealing cryptocurrencies.
Pressure Chollima has a similar task (stealing cryptocurrencies), but unlike its partners at Golden Chollima, it focuses on centralized exchanges and Western technology companies.
“PRESSURE CHOLLIMA led the DPRK’s most high-profile cryptocurrency heists, including the two largest cryptocurrency heists on record,” CrowdStrike said. “Public reports link other high-value thefts ranging from $52 million to $120 million to PRESSURE CHOLLIMA based on repurposed cryptocurrency wallets.”
North Korean hackers are known to target crypto companies and use the stolen tokens to fund their state apparatus and nuclear weapons programs. CrowdStrike believes that the goals have not changed and that, despite improving trade relations with Russia, North Korea “still needs additional revenue to finance ambitious military projects that include building new destroyers, building nuclear-powered submarines, and launching additional reconnaissance satellites.”
These groups, along with the dreaded Lazarus Group, often create fake jobs on LinkedIn, as well as fake candidates, to target tech companies and professionals and to install backdoors and information stealers.