Storm-0530  (Back to overview)

aka: DEV-0530, H0lyGh0st

H0lyGh0st is a North Korean threat actor that has been active since June 2021. They are responsible for developing and deploying the H0lyGh0st ransomware, which targets small-to-medium businesses in various sectors. The group employs "double extortion" tactics, encrypting data and threatening to publish it if the ransom is not paid. There are connections between H0lyGh0st and the PLUTONIUM APT group, indicating a possible affiliation.

Associated Families

There are currently no families associated with this actor.

2023-03-24Kaspersky LabsKaspersky Lab ICS CERT
APT attacks on industrial organizations in H2 2022
Earth Longzhi Storm-0530 UNC3890
#StopRansomware: Ransomware Attacks on Critical Infrastructure Fund DPRK Malicious Cyber Activities
Maui Ransomware SiennaBlue SiennaPurple Storm-0530
2022-08-04BlackberryBlackBerry Research & Intelligence Team
North Korean H0lyGh0st Ransomware Has Ties to Global Geopolitics
SiennaBlue SiennaPurple Storm-0530
2022-07-29PICUS SecurityHüseyin Can YÜCEEL
H0lyGh0st - North Korean Threat Group Strikes Back With New Ransomware
SiennaBlue SiennaPurple Storm-0530
2022-07-14MicrosoftMicrosoft Digital Security Unit (DSU), Microsoft Threat Intelligence Center (MSTIC)
North Korean threat actor (H0lyGh0st /DEV-0530) targets small and midsize businesses with H0lyGh0st ransomware
SiennaBlue SiennaPurple Storm-0530

Credits: MISP Project