
Just a sample of the Echomail archive

Cooperative anarchy at its finest, still active today. Darkrealms is the Zone 1 Hub.

   CONSPRCY      How big is your tinfoil hat?      2,445 messages   


   Message 2,317 of 2,445   
   Mike Powell to All   
   This dangerous North Korean malware has    
   31 Jan 26 16:45:19   
   
   TZUTC: -0500   
   MSGID: 2075.consprcy@1:2320/105 2de3b60a   
   PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   FORMAT: flowed   
   Labyrinth Chollima is morphing into three separate entities   
      
   One of the largest and most successful North Korean state-sponsored threat   
   actors has split into three separate entities, each with their own tactics,   
   malware tools, targets, and goals, experts have warned.   
      
   In a recent in-depth analysis, researchers from CrowdStrike explained the move
   is a strategic evolution to make Labyrinth Chollima cyberattacks more   
   efficient, and that the newly formed teams will continue working together.   
      
   "LABYRINTH CHOLLIMA's segmentation into specialized operational units   
   represents a strategic evolution that enhances the DPRK regime's ability to   
   simultaneously pursue multiple objectives," the researchers explained.   
      
   Fake jobs and fake employees   
      
   The three groups are now tracked as Labyrinth Chollima, Golden Chollima, and   
   Pressure Chollima.   
      
   The "OG" Labyrinth Chollima is mostly tasked with cyber-espionage and   
   intelligence gathering. Its targets include military and defense, government,   
   logistics, and nuclear organizations, located primarily in the US, Europe, and   
   South Korea.   
      
   Golden Chollima will be focusing on small fintech firms in the US, Canada,   
   South Korea, India, and Western Europe, with the goal of cryptocurrency theft.   
      
   Pressure Chollima has a similar task (to steal cryptos), but unlike its   
   partners from Golden Chollima, it focuses on centralized exchanges, and   
   technology companies in the west.   
      
   "PRESSURE CHOLLIMA conducted the DPRK's highest-profile cryptocurrency   
   heists, including the two largest cryptocurrency thefts on record,"   
   CrowdStrike said. "Public reporting links additional high-value thefts
   ranging from $52 million USD to $120 million USD to PRESSURE CHOLLIMA based on   
   reused cryptocurrency wallets."   
      
   North Korean hackers are known for targeting crypto companies and using the   
   stolen tokens to fund their state apparatus and nuclear weapons programs.   
   CrowdStrike believes the goals have not changed, and that despite improving
   trade relations with Russia, North Korea still "requires additional revenue   
   to fund ambitious military plans that include constructing new destroyers,   
   building nuclear-powered submarines, and launching additional reconnaissance   
   satellites."   
      
   These groups, together with the dreaded Lazarus Group, often create fake jobs
   on LinkedIn, as well as fake job applicants, to target tech companies and
   professionals and to install backdoors and infostealers.
      
   FULL STORY: https://www.techradar.com/pro/security/this-dangerous-north-korean-malware-has-now-split-into-three-entities-for-maximum-impact
      
   $$   
   --- SBBSecho 3.28-Linux   
    * Origin: Capitol City Online (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700   
   SEEN-BY: 226/30 227/114 229/110 134 206 300 307 317 400 426 428 470   
   SEEN-BY: 229/664 700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 633/280 712/848 902/26 2320/0 105 304 3634/12 5075/35   
   PATH: 2320/105 229/426   
      



(c) 1994,  bbs@darkrealms.ca