ETDA: Electronic Transactions Development Agency

Threat Group Cards: A Threat Actor Encyclopedia

APT group: Subgroup: Andariel, Silent Chollima

Names:
  Andariel (FSI)
  Silent Chollima (CrowdStrike)
  Stonefly (Symantec)
  Plutonium (Microsoft)
Country: North Korea
Motivation: Information theft and espionage
First seen: 2014
Description: A subgroup of Lazarus Group, Hidden Cobra, Labyrinth Chollima.
Observed
Tools used
Operations performed:

2014: Operation “BLACKMINE”
  Target: South Korean organizations.
  Method: Information theft and espionage.

2014: Operation “GHOSTRAT”
  Target: Defense industry.
  Method: Information theft and espionage.

2014: Operation “XEDA”
  Target: Foreign defense industries.
  Method: Information theft and espionage.

2015: Operation “INITROY”/Phase 1
  Target: South Korean organizations.
  Method: Information theft/early phase operation.

2015: Operation “DESERTWOLF”/Phase 3
  Target: South Korean defense industry.
  Method: Information theft and espionage.

2015: Operation “BLACKSHEEP”/Phase 3
  Target: Defense industry.
  Method: Information theft and espionage.

2016: Operation “INITROY”/Phase 2
  Target: South Korean organizations.
  Method: Information theft/early phase operation.

2016: Operation “VANXATM”
  Target: ATM companies.
  Method: Financial theft/BPC.

2017: Operation “Mayday”
  Target: South Korean Financial Company.
  Method: Information theft and espionage.

Jun 2018: Operation “GoldenAxe”
  <https://blog.trendmicro.com/trendlabs-security-intelligence/new-andariel-reconnaissance-tactics-hint-at-next-targets/>

Apr 2021: Lazarus APT conceals malicious code within BMP image to drop its RAT
  <https://blog.malwarebytes.com/malwarebytes-news/2021/04/lazarus-apt-conceals-malicious-code-within-bmp-file-to-drop-its-rat/>
  <https://securelist.com/andariel-evolves-to-target-south-korea-with-ransomware/102811/>

Jun 2021: Andariel evolves to target South Korea with ransomware
  <https://securelist.com/andariel-evolves-to-target-south-korea-with-ransomware/102811/>

Feb 2022: Stonefly: North Korea-linked Spying Operation Continues to Hit High-value Targets
  <https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/stonefly-north-korea-espionage>

Aug 2022: Andariel deploys DTrack and Maui ransomware
  <https://securelist.com/andariel-deploys-dtrack-and-maui-ransomware/107063/>

Last change to this card: 12 September 2022
