This threat actor targets South Korean think tanks, industry, nuclear power operators, and the Ministry of Unification for espionage purposes.
Also known as
Velvet Chollima, Black Banshee, Thallium, Operation Stolen Pencil, G0086, APT43, Emerald Sleet, THALLIUM, Springtail, Sparkling Pisces, RGB-D5, Greendinosa.
References
- securelist.com
- cfr.org
- pwc.co.uk
- youtu.be
- bloomberglaw.com
- netscout.com
- unit42.paloaltonetworks.com
- attack.mitre.org
- us-cert.cisa.gov
- cybereason.com
- mandiant.widen.net
- asec.ahnlab.com
Actor metadata imported from Malpedia (Fraunhofer FKIE).