H0lyGh0st is a North Korean threat actor that has been active since June 2021. They are responsible for developing and deploying the H0lyGh0st ransomware, which targets small-to-medium businesses in various sectors. The group employs "double extortion" tactics, encrypting data and threatening to publish it if the ransom is not paid. There are connections between H0lyGh0st and the PLUTONIUM APT group, indicating a possible affiliation.
There are currently no families associated with this actor.
2023-03-24 ⋅ Kaspersky Labs ⋅ APT attacks on industrial organizations in H2 2022 | Earth Longzhi, Storm-0530, UNC3890
2023-02-09 ⋅ CISA ⋅ #StopRansomware: Ransomware Attacks on Critical Infrastructure Fund DPRK Malicious Cyber Activities | Maui Ransomware, SiennaBlue, SiennaPurple, Storm-0530
2022-08-04 ⋅ Blackberry ⋅ North Korean H0lyGh0st Ransomware Has Ties to Global Geopolitics | SiennaBlue, SiennaPurple, Storm-0530
2022-07-29 ⋅ PICUS Security ⋅ H0lyGh0st - North Korean Threat Group Strikes Back With New Ransomware | SiennaBlue, SiennaPurple, Storm-0530
2022-07-14 ⋅ Microsoft ⋅ North Korean threat actor (H0lyGh0st /DEV-0530) targets small and midsize businesses with H0lyGh0st ransomware | SiennaBlue, SiennaPurple, Storm-0530