ETDA ThaiCERT

Threat Group Cards: A Threat Actor Encyclopedia

APT group: Subgroup: Andariel, Silent Chollima

Names: Andariel (FSI), Silent Chollima (CrowdStrike)
Country: North Korea
Motivation: Information theft and espionage
First seen: 2014
Description: A subgroup of Lazarus Group, Hidden Cobra, Labyrinth Chollima.
Observed
Tools used
Operations performed:

2014: Operation “BLACKMINE”
Target: South Korean organizations.
Method: Information theft and espionage.

2014: Operation “GHOSTRAT”
Target: Defense industry.
Method: Information theft and espionage.

2014: Operation “XEDA”
Target: Foreign defense industries.
Method: Information theft and espionage.

2015: Operation “INITROY”/Phase 1
Target: South Korean organizations.
Method: Information theft/early phase operation.

2015: Operation “DESERTWOLF”/Phase 3
Target: South Korean defense industry.
Method: Information theft and espionage.

2015: Operation “BLACKSHEEP”/Phase 3
Target: Defense industry.
Method: Information theft and espionage.

2016: Operation “INITROY”/Phase 2
Target: South Korean organizations.
Method: Information theft/early phase operation.

2016: Operation “VANXATM”
Target: ATM companies.
Method: Financial theft/BPC.

2017: Operation “Mayday”
Target: South Korean financial company.
Method: Information theft and espionage.

Jun 2018: Operation “GoldenAxe”
<https://blog.trendmicro.com/trendlabs-security-intelligence/new-andariel-reconnaissance-tactics-hint-at-next-targets/>

Last change to this card: 15 April 2020


Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency
