Home / Companies / Crowdstrike / Blog / Post Details
Content Deep Dive

LABYRINTH CHOLLIMA Evolves into Three Adversaries

Blog post from Crowdstrike

Post Details
Company
Date Published
Author
LABYRINTH CHOLLIMA
Word Count
2,738
Company Posts That Month
Language
English
Hacker News Points
-
Post removed?
No
Summary

LABYRINTH CHOLLIMA, a North Korean cyber adversary tracked by CrowdStrike, has evolved into three distinct entities: GOLDEN CHOLLIMA, PRESSURE CHOLLIMA, and the core LABYRINTH CHOLLIMA group, each with specialized objectives and malware. GOLDEN CHOLLIMA focuses on consistent, smaller-scale cryptocurrency thefts, using cloud-focused tactics and sophisticated malware like Jeus and its variants. PRESSURE CHOLLIMA targets high-value cryptocurrency heists and is known for deploying advanced implants and malware like SparkDownloader. Meanwhile, the core LABYRINTH CHOLLIMA group continues to focus on espionage, targeting industrial, logistics, and defense sectors using advanced malware like FudModule. Despite their operational independence, these groups share tools and infrastructure, indicating centralized coordination within the DPRK cyber ecosystem, highlighting the strategic segmentation of DPRK’s cyber operations to pursue multiple objectives simultaneously amid international sanctions.

Trends Found in this Post
Trend Post Mentions Total Month Mentions Posts Companies MoM
AI Agents 2 2,394 1,321 1 -
Kubernetes 1 1,086 169 37 +2%
Real-time 1 1,659 640 46 +203%
Zero Trust 1 1,843 1,331 3 +61333%
Use This Data

Use this post, company, and trend context to find content marketing opportunities, perform competitive analysis, or address product feature gaps via the Plushcap MCP server or the Plushcap API.