Andariel is a threat actor that primarily targets South Korean corporations and institutions. They are believed to collaborate with or operate as a subsidiary organization of the Lazarus threat group. WHOIS utilizes spear phishing attacks, watering hole attacks, and supply chain attacks for initial access. They have been known to exploit vulnerabilities and use malware such as Infostealer and TigerRAT.
Also known as
OperationTroy, Guardian of Peace, GOP, WHOis Team, Andariel, Subgroup: Andariel, Onyx Sleet, PLUTONIUM.
References
Actor metadata imported from Malpedia (Fraunhofer FKIE).