This North Korean hacking group has now split into three groups for maximum impact

- The original Labyrinth Chollima continues to spy on the military, government, and nuclear sectors
- Golden Chollima targets fintech firms around the world to steal cryptocurrency
- Pressure Chollima attacks centralized exchanges, after record-breaking crypto heists

One of the largest and most successful North Korean state-sponsored threat actors has split into three separate organizations, each with its own tactics, malware tools, targets, and goals, experts have warned.
In a recent in-depth analysis, researchers from CrowdStrike explained that the split is a strategic change meant to make Labyrinth Chollima's cyberattacks more efficient, and that the newly formed groups will continue to work together.
“The division of LABYRINTH CHOLLIMA into special operations units represents a strategic shift to enhance the DPRK regime’s ability to pursue multiple objectives simultaneously,” the researchers explained.
Fake jobs and fake employees
The three groups are now tracked as Labyrinth Chollima, Golden Chollima, and Pressure Chollima.
The “OG” Labyrinth Chollima continues to conduct cyber-espionage and intelligence gathering. Its targets include military and defense, government, transportation, and nuclear organizations, located mainly in the US, Europe, and South Korea.
Golden Chollima targets small fintech firms in the US, Canada, South Korea, India, and Western Europe, with the aim of stealing cryptocurrency.
Pressure Chollima has the same mission (stealing cryptocurrency), but unlike its Golden Chollima counterpart, it focuses on centralized exchanges and technology companies in the West.
“PRESSURE CHOLLIMA has carried out the DPRK’s largest cryptocurrency heist, including the largest cryptocurrency heist on record,” CrowdStrike said. “Public reporting links additional high-value thefts ranging from $52 million USD to $120 million USD to PRESSURE CHOLLIMA based on recycled cryptocurrency.”
North Korean hackers are known to target crypto companies and use the stolen tokens to fund their country’s utilities and nuclear weapons programs. CrowdStrike believes that the goals have not changed, and that despite improving trade relations with Russia, North Korea “still needs more money to fund low-cost military programs that include building new destroyers, building nuclear-powered submarines, and launching more exploration satellites.”
These groups, along with the dreaded Lazarus Group, often create fake jobs on LinkedIn, as well as fake job applicants, to target tech companies and professionals and to install backdoors and infostealers.



