Ricochet Chollima

Ricochet Chollima (also known as APT 37, Reaper, and ScarCruft) is a North Korean state-backed hacker group that is believed to have been created sometime before 2016. It is typically involved in operations against financial institutions to generate assets for North Korea, but it also conducts attacks on the industrial sector in other countries. CrowdStrike has stated that the group mainly attacks a variety of South Korean organizations and individuals, including academics, journalists, and North Korean defectors, but has also stated that the group has engaged in attacks against Japan, Vietnam, Hong Kong, the Middle East, Russia, and the United States. FireEye has called the group "the overlooked North Korean threat actor."


History

The group is believed to have been founded sometime around 2012, according to FireEye. In January 2021 the group was found to be using a Trojan horse for a spear-phishing campaign that targeted the South Korean government. NPO Mashinostroyeniya, a Russian ballistic missile manufacturer, was allegedly hacked by the group in 2023, as discovered by SentinelOne (SentinelOne, "Comrades in Arms? | North Korea Compromises Sanctioned Russian Missile Engineering Company", 7 August 2023, retrieved 7 August 2023).


See also

* Kimsuky
* Lazarus Group

