
LABYRINTH CHOLLIMA Evolves into Three Adversaries

Blog post from CrowdStrike

Post Details
Company
Date Published
Author
LABYRINTH CHOLLIMA
Word Count: 2,738
Language: English
Summary

LABYRINTH CHOLLIMA, a North Korean cyber adversary tracked by CrowdStrike, has evolved into three distinct entities: GOLDEN CHOLLIMA, PRESSURE CHOLLIMA, and the core LABYRINTH CHOLLIMA group, each with specialized objectives and malware. GOLDEN CHOLLIMA focuses on consistent, smaller-scale cryptocurrency thefts, using cloud-focused tactics and sophisticated malware like Jeus and its variants. PRESSURE CHOLLIMA targets high-value cryptocurrency heists and is known for deploying advanced implants and malware like SparkDownloader. Meanwhile, the core LABYRINTH CHOLLIMA group continues to focus on espionage, targeting industrial, logistics, and defense sectors using advanced malware like FudModule. Despite their operational independence, these groups share tools and infrastructure, indicating centralized coordination within the DPRK cyber ecosystem. This highlights the strategic segmentation of DPRK’s cyber operations to pursue multiple objectives simultaneously amid international sanctions.