Labyrinth Chollima is an advanced persistent threat (APT) group that has been active since at least 2016 and continues to target organizations across several industries, including government agencies, financial institutions, and defense contractors. The group employs a range of tactics, techniques, and procedures (TTPs), such as spear-phishing emails carrying malicious attachments or links, watering hole attacks staged on compromised websites, and exploitation of software vulnerabilities, to gain access to sensitive information. Labyrinth Chollima is believed to be a North Korean APT group operating under the direction of the Reconnaissance General Bureau (RGB), the agency responsible for intelligence gathering against South Korea and other countries. The group has been linked to several high-profile cyber attacks, including the Sony Pictures Entertainment hack in 2014 and the WannaCry ransomware attack that affected organizations worldwide.
Tactics, techniques and procedures:
Labyrinth Chollima uses a variety of TTPs to carry out its attacks. Examples include spear-phishing emails with malicious attachments or links, watering hole attacks on compromised websites, and exploitation of software vulnerabilities to gain access to sensitive information. The group also reportedly relies on sophisticated social engineering, such as impersonating legitimate organizations or individuals to trick targets into opening infected emails or downloading malicious attachments. In addition, Labyrinth Chollima is known to use custom-built tools and exploits that are not widely available in the cybersecurity community, which makes its activity harder for defenders to detect with signatures built from publicly known tooling.