November 24, 2021

Stardust Chollima

Industry: N/A | Level: Strategic | Source: DailyBeast

According to observations by CrowdStrike, North Korean hackers designated “Stardust Chollima” are suspected of targeting Chinese security researchers with the objective of stealing their hacking techniques. In June 2021, phishing emails were distributed containing malicious attachments titled “Securitystatuscheck.zip” and “_signed.pdf”. The emails contained references to China’s Ministry of Public Security and the National Information Security Standardization Technical Committee. The apparent motive is for the threat group to obtain new techniques, particularly zero-days, for offensive campaigns. It is currently unknown whether there were any victims.