APT group: Subgroup: Andariel, Silent Chollima| Names | Andariel (FSI) Silent Chollima (CrowdStrike) | |
| Country |  North Korea | |
| Motivation | Information theft and espionage | |
| First seen | 2014 | |
| Description | A subgroup of Lazarus Group, Hidden Cobra, Labyrinth Chollima. | |
| Observed | ||
| Tools used | ||
| Operations performed | 2014 | Operation “BLACKMINE” Target: South Korean organizations. Method: Information theft and espionage. |
| 2014 | Operation “GHOSTRAT” Target: Defense industry. Method: Information theft and espionage. | |
| 2014 | Operation “XEDA” Target: Foreign defense industries. Method: Information theft and espionage. | |
| 2015 | Operation “INITROY”/Phase 1 Target: South Korean organizations. Method: Information theft/early phase operation. | |
| 2015 | Operation “DESERTWOLF”/Phase 3 Target: South Korean defense industry. Method: Information theft and espionage. | |
| 2015 | Operation “BLACKSHEEP”/Phase 3. Target: Defense industry. Method: Information theft and espionage. | |
| 2016 | Operation “INITROY”/Phase 2 Target: South Korean organizations. Method: Information theft/early phase operation. | |
| 2016 | Operation “VANXATM” Target: ATM companies. Method: Financial theft/BPC. | |
| 2017 | Operation “Mayday” Target: South Koran Financial Company. Method: Information theft and espionage. | |
| Jun 2018 | Operation “GoldenAxe” <https://blog.trendmicro.com/trendlabs-security-intelligence/new-andariel-reconnaissance-tactics-hint-at-next-targets/> | |
Last change to this card: 15 April 2020
Download this actor card in PDF or JSON format
Previous: Lazarus Group, Hidden Cobra, Labyrinth Chollima
Next: Subgroup: BeagleBoyz
|
Thailand Computer Emergency Response Team (ThaiCERT) Follow us on
|
Report incidents |
|
 |
+66 (0)2-123-1234 | |
 |
report@thaicert.or.th | |
 |
Download PGP key | |