Stardust Chollima is an advanced persistent threat (APT) group that has been active since at least 2014 and targets various industries, including government agencies, military organizations, defense contractors, telecommunications companies, and media outlets. The group's primary focus appears to be stealing sensitive information related to the national security or economic interests of the targeted countries. Stardust Chollima has been linked to North Korea due to the use of Korean language in some of its malware samples and similarities with other known APT groups associated with Pyongyang, such as Lazarus Group and Andariel. The group's tactics include spear-phishing emails carrying links to, or attachments containing, malicious software, exploiting vulnerabilities in popular software like Microsoft Office and Adobe Acrobat Reader, and using social engineering techniques to gain access to sensitive information. Stardust Chollima is considered
Techniques, tactics and practices:
Stardust Chollima employs a variety of techniques to achieve its objectives. These include spear-phishing emails carrying links to, or attachments containing, malicious software; exploiting vulnerabilities in popular software like Microsoft Office and Adobe Acrobat Reader; using social engineering techniques to gain access to sensitive information; conducting reconnaissance on targeted organizations before launching attacks; and utilizing various tools for exfiltration of stolen data. The group also steals login credentials through phishing emails or by exploiting vulnerabilities in software like Microsoft Office and Adobe Acrobat Reader, uses encryption to protect its malware from detection, and develops customized malware tailored to specific targets. Overall, Stardust Chollima is