- Original Labyrinth Chollima continues espionage against the military, government and nuclear sectors
- Golden Chollima targets fintech companies around the world to steal cryptocurrencies
- Pressure Chollima attacks centralized exchanges and is behind unprecedented crypto heists
One of North Korea’s largest and most successful state-sponsored threat actors has split into three separate entities, each with its own tactics, malware tools, targets and objectives, experts have warned.
In a recent in-depth analysis, CrowdStrike researchers explained that the move is a strategic evolution to make Labyrinth Chollima cyberattacks more efficient and that the newly formed teams will continue to work together.
“The segmentation of LABYRINTH CHOLLIMA into specialized operational units represents a strategic evolution that enhances the DPRK regime’s ability to simultaneously pursue multiple objectives,” the researchers explained.
Fake jobs and fake employees
The three groups are now tracked as Labyrinth Chollima, Golden Chollima and Pressure Chollima.
The main task of the “OG” group, Labyrinth Chollima, is cyber espionage and intelligence gathering. Its targets include military and defense, government, logistics and nuclear organizations, located primarily in the United States, Europe and South Korea.
Golden Chollima will target small fintech companies in the US, Canada, South Korea, India and Western Europe, with the goal of stealing cryptocurrencies.
Pressure Chollima has a similar task (stealing cryptocurrencies), but unlike its Golden Chollima partners, it focuses on centralized exchanges and technology companies in the West.
“PRESSURE CHOLLIMA carried out the highest-profile cryptocurrency heists in the DPRK, including the two largest cryptocurrency heists on record,” CrowdStrike said. “Public reports link additional high-value thefts ranging from $52 million to $120 million to PRESSURE CHOLLIMA based on repurposed cryptocurrency wallets.”
North Korean hackers are known for attacking cryptocurrency companies and using the stolen tokens to fund their state apparatus and nuclear weapons programs. CrowdStrike believes the goals have not changed and that, despite improving trade relations with Russia, North Korea still “needs additional revenue to fund ambitious military plans that include building new destroyers, building nuclear-powered submarines, and launching additional reconnaissance satellites.”
These groups, along with the feared Lazarus Group, often create fake job postings on LinkedIn, as well as fake job applicants, to attack companies and technology professionals and to install backdoors and information stealers.