Andariel
Aliases: Silent Chollima, PLUTONIUM, Onyx Sleet
Andariel is a North Korean state-sponsored threat group that has been active since at least 2009. Andariel has primarily focused its operations, which have included destructive attacks, against South Korean government agencies, military organizations, and a variety of domestic companies; the group has also conducted cyber financial operations against ATMs, banks, and cryptocurrency exchanges. Andariel's notable activity includes Operation Black Mine, Operation GoldenAxe, and Campaign Rifle. Andariel is considered a subset of Lazarus Group and has been attributed to North Korea's Reconnaissance General Bureau. North Korean group definitions are known to have significant overlap, and some security researchers report all North Korean state-sponsored cyber activity under the name Lazarus Group instead of tracking clusters or subgroups.
ATT&CK techniques
T1049 System Network Connections Discovery
T1203 Exploitation for Client Execution
T1005 Data from Local System
T1590.005 Gather Victim Network Information: IP Addresses
T1189 Drive-by Compromise
T1057 Process Discovery
T1592.002 Gather Victim Host Information: Software
T1588.001 Obtain Capabilities: Malware
T1204.002 User Execution: Malicious File
T1566.001 Phishing: Spearphishing Attachment
T1027.003 Obfuscated Files or Information: Steganography
T1105 Ingress Tool Transfer