LABYRINTH CHOLLIMA Evolves into Three Adversaries
Blog post from Crowdstrike
LABYRINTH CHOLLIMA, a North Korean cyber adversary tracked by CrowdStrike, has evolved into three distinct entities: GOLDEN CHOLLIMA, PRESSURE CHOLLIMA, and the core LABYRINTH CHOLLIMA group, each with specialized objectives and malware. GOLDEN CHOLLIMA focuses on consistent, smaller-scale cryptocurrency thefts, using cloud-focused tactics and sophisticated malware like Jeus and its variants. PRESSURE CHOLLIMA targets high-value cryptocurrency heists and is known for deploying advanced implants and malware like SparkDownloader. Meanwhile, the core LABYRINTH CHOLLIMA group continues to focus on espionage, targeting industrial, logistics, and defense sectors using advanced malware like FudModule. Despite their operational independence, these groups share tools and infrastructure, indicating centralized coordination within the DPRK cyber ecosystem, highlighting the strategic segmentation of DPRK’s cyber operations to pursue multiple objectives simultaneously amid international sanctions.
| Trend | Post Mentions | Total Month Mentions | Posts | Companies | MoM |
|---|---|---|---|---|---|
| AI Agents | 2 | 2,394 | 1,321 | 1 | - |
| Kubernetes | 1 | 1,086 | 169 | 37 | +2% |
| Real-time | 1 | 1,659 | 640 | 46 | +203% |
| Zero Trust | 1 | 1,843 | 1,331 | 3 | +61333% |
Use this post, company, and trend context to find content marketing opportunities, perform competitive analysis, or address product feature gaps via the Plushcap MCP server or the Plushcap API.