Home / Companies / Crowdstrike / Blog / Post Details
Content Deep Dive

Nowhere to Hide: Detecting SILENT CHOLLIMA’s Custom Tooling

Blog post from Crowdstrike

Post Details
Company
Date Published
Author
-
Word Count
1,964
Company Posts That Month
Language
English
Hacker News Points
-
Post removed?
No
Summary

CrowdStrike's OverWatch threat hunting team recently uncovered a sophisticated intrusion by the North Korean threat actor group SILENT CHOLLIMA, targeting a pharmaceutical organization. The adversary utilized the Smbexec tool for covert execution and employed a variety of custom tools, including the information stealer GifStealer and the remote access tool Valefor, to conduct reconnaissance and data collection. Despite the absence of CrowdStrike Falcon sensors on some hosts, OverWatch quickly collaborated with the victim organization to expand sensor coverage and successfully identify additional compromised hosts. This proactive threat hunting and rapid deployment of Falcon sensors were crucial in containing and removing the threat actor from the network. OverWatch emphasized the importance of comprehensive endpoint protection and recommended monitoring service account activity, service creation events, and remote user connections to prevent similar intrusions.

Trends Found in this Post
Trend Post Mentions Total Month Mentions Posts Companies MoM
AI Agents 1 2,394 1,321 1 -
Zero Trust 1 1,843 1,331 3 +61333%
Use This Data

Use this post, company, and trend context to find content marketing opportunities, perform competitive analysis, or address product feature gaps via the Plushcap MCP server or the Plushcap API.