Aliases
Silent Chollima, Andariel, GOP, Guardian of Peace, Onyx Sleet, OperationTroy, PLUTONIUM
Tags
State-Sponsored
Attribution
🇰🇵
Incidents
Last edited
Oct 14, 2024 1:01 PM
Status
Finalized
Cloud-fluent
Targeted geography
South Korea
Andariel is a threat actor that mainly focuses on attacking South Korean companies and institutions. It is thought to either collaborate with or act as a subsidiary of the Lazarus threat group. Andariel employs spear phishing, watering hole attacks, and supply chain attacks to gain initial access. The group is also known for exploiting vulnerabilities and deploying malware like Infostealer and TigerRAT.