Velvet Chollima

Velvet Chollima is a North Korean-based threat group that has been active since at least September 2013. This threat group has targeted Korean think tanks and organizations attempting to interrupt North Korean nuclear technology advancement. The group was attributed as the actor behind the Korea Hydro & Nuclear Power Co. compromise.

Other names for this threat

Kimsuki, Kimsuky

This is a collection of rules based on the presence of indicators of compromise publicly reported as associated with this malicious actor.