Onyx Sleet is an advanced persistent threat (APT) that has been active since at least 2017 and targets organizations in various industries, including government agencies, military contractors, and defense companies. The group's primary focus appears to be on stealing sensitive information related to cybersecurity research and development, as well as conducting reconnaissance activities for future attacks. Onyx Sleet has been linked to several high-profile breaches in the past few years, including those of Microsoft, Apple, and Amazon Web Services (AWS). The group is known for its sophisticated tactics, such as using stolen credentials to gain access to sensitive networks or exploiting vulnerabilities in software. Overall, Onyx Sleet represents a significant threat to organizations that handle sensitive information related to cybersecurity and defense research.
Techniques, tactics and practices:
Onyx Sleet is a highly sophisticated threat actor that employs various techniques to achieve its objectives. Some of these include:
1. Spear-phishing attacks - These are targeted emails sent to specific individuals or organizations, often containing malicious attachments or links that can be used to gain access to sensitive networks and systems.
2. Watering hole attacks - Onyx Sleet compromises legitimate websites or online services that its intended victims visit frequently, so that visitors are served malware from a site they trust. This technique is known as a "watering hole" attack, and it gives the group a foothold on the victims' systems and access to sensitive information.
3. Reconnaissance - Onyx Sleet conducts extensive reconnaissance activities on its targets in order to gather intelligence about their networks, systems, and security measures. This information can be used later for more targeted attacks that are designed to exploit vulnerabilities.
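The spear-phishing item above describes targeted emails carrying malicious attachments or links. As an added example (not code from the original page and not attributed to any vendor or research team), the following Python triage heuristic scores email metadata for three common spear-phishing signals from a defender's side: a sender display name that claims a different domain than the real sender address, an attachment type that can execute code when opened, and a link whose visible URL text points at a different host than its actual destination. The record field names (`from_addr`, `display_name`, `attachments`, `links`), the extension list and the sample messages are all assumptions constructed for this example.

```python
"""Spear-phishing triage heuristics over email metadata (added example)."""
import re
from urllib.parse import urlparse

# Assumed list of attachment types a mail gateway would commonly quarantine
# or flag for review; tune to your environment.
RISKY_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".lnk", ".hta",
                    ".iso", ".docm", ".xlsm", ".pptm"}

# Matches a bare hostname or URL in visible link text (e.g. "https://a.b.c/x").
URL_LIKE = re.compile(r"(?:https?://)?(?:[\w-]+\.)+[a-z]{2,}(?:/\S*)?", re.I)
DOMAIN_IN_TEXT = re.compile(r"(?:[\w-]+\.)+[a-z]{2,}")


def sender_domain(address: str) -> str:
    """Return the lower-cased domain part of an email address."""
    return address.rsplit("@", 1)[-1].lower()


def domain_in_display_name(display_name: str, actual_domain: str) -> bool:
    """True if the display name embeds a domain that is not the real sender domain."""
    for claimed in DOMAIN_IN_TEXT.findall(display_name.lower()):
        same = claimed == actual_domain or actual_domain.endswith("." + claimed)
        if not same:
            return True
    return False


def attachment_is_risky(filename: str) -> bool:
    """True if the attachment extension is in the risky set."""
    if "." not in filename:
        return False
    return "." + filename.rsplit(".", 1)[-1].lower() in RISKY_EXTENSIONS


def link_host_mismatch(links) -> bool:
    """links: iterable of (visible_text, href).

    Flags a link whose visible text looks like a URL but names a host that
    differs from the host the href actually goes to.
    """
    for text, href in links:
        text = text.strip()
        if not URL_LIKE.fullmatch(text):
            continue  # plain words such as "Meeting notes" are not compared
        text_host = urlparse(text if "://" in text else "http://" + text).hostname
        href_host = urlparse(href).hostname
        if text_host and href_host and text_host.lower() != href_host.lower():
            return True
    return False


def score_email(msg: dict) -> dict:
    """Return a score (number of triggered signals) and the reasons."""
    reasons = []
    domain = sender_domain(msg["from_addr"])
    if domain_in_display_name(msg.get("display_name", ""), domain):
        reasons.append("display name impersonates another domain")
    for name in msg.get("attachments", []):
        if attachment_is_risky(name):
            reasons.append(f"risky attachment type: {name}")
    if link_host_mismatch(msg.get("links", [])):
        reasons.append("visible link text and destination host differ")
    return {"score": len(reasons), "reasons": reasons}


# Constructed sample messages (not real mail); hostnames use reserved TLDs.
SAMPLES = [
    {
        "from_addr": "alerts@mail-drop.test",
        "display_name": "Security Team (example.com)",
        "attachments": ["Policy_Update.docm"],
        "links": [("https://portal.example.com/login",
                   "https://portal-login-verify.test/login")],
    },
    {
        "from_addr": "jane@example.org",
        "display_name": "Jane Doe",
        "attachments": ["agenda.pdf"],
        "links": [("Meeting notes", "https://docs.example.org/notes")],
    },
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample["from_addr"], score_email(sample))
```

The first sample triggers all three signals and the second none; in practice a score like this would feed a review queue rather than block mail outright, since each heuristic alone produces false positives (marketing mail, link shorteners, legitimate macro documents).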