Open-source reporting has claimed that the Hermes ransomware was developed by the North Korean group STARDUST CHOLLIMA (activities of which have been public reported as part of the “Lazarus Group”), because Hermes was executed on a host during the SWIFT compromise of FEIB in October 2017.
Also known as
Sapphire Sleet.
References
Actor metadata imported from Malpedia (Fraunhofer FKIE).