Find notable cyber news and cases, enriched with sources, timelines, and signals.

Labyrinth Chollima split into three North Korean hacking groups

Threat Actor Meta
First reported
Last updated
Happening score
H score 26
2 unique sources, 2 articles

Summary

Hide ▲

Labyrinth Chollima has been split into three tracked North Korean groups, reshaping how defenders map a major DPRK cyber ecosystem and its target set. Golden Chollima and Pressure Chollima are now tracked separately from the original cluster. The split matters because the groups show distinct toolsets and different targeting priorities, even while they still share infrastructure.

Related Happenings

Scattered Spider reclassified as a decentralized collective of independent clusters

Threat Actor Meta
H score26 First: 07.07.2026 17:00 Last: 07.07.2026 17:00 Sources 1

About this happening: **Scattered Spider** has been reclassified as a **decentralized cybercrime collective**, changing how its persistence and resilience are understood. The shift suggests **independe...

Phantom Mantis shifts The Gentlemen into an independent ransomware partnership program

Threat Actor Meta
H score24 First: 11.06.2026 19:50 Last: 11.06.2026 19:50 Sources 1

About this happening: **Phantom Mantis** moved **The Gentlemen** from dependence on other ransomware ecosystems into an **independent partnership program**, expanding its operational autonomy and affil...

GREYVIBE's Kremlin-aligned role in the Russian cybercrime ecosystem

Threat Actor Meta
H score15 First: 29.05.2026 14:31 Last: 29.05.2026 14:31 Sources 1

About this happening: A newly characterized **GREYVIBE** actor sits in a **grey zone** between **Kremlin-aligned intelligence work** and the **Russian cybercrime ecosystem**, complicating attribution f...

GreyVibe AI-assisted cyberespionage campaign targeting Ukraine-linked organizations

Campaign
H score39 First: 29.05.2026 01:24 Last: 29.05.2026 01:24 Sources 1

About this happening: **GreyVibe** is running an **AI-assisted cyberespionage campaign** against **Ukrainian and Ukraine-related organizations**, expanding the threat to military, government, civilian,...

Lazarus Group RemotePE long-term observation campaign against financial and cryptocurrency organizations

Campaign
H score38 First: 25.05.2026 12:32 Last: 25.05.2026 12:32 Sources 1

About this happening: The **Lazarus Group** was tied to a **RemotePE** campaign against **financial and cryptocurrency organizations**, signaling a stealth-focused operation with sustained access risk....

Timeline

  1. 29.01.2026 02:00 3 articles · 5mo ago

    CrowdStrike splits Labyrinth Chollima into three tracked groups

    Attribution Update

    CrowdStrike reclassified the North Korean-linked Labyrinth Chollima ecosystem into three tracked groups — Labyrinth Chollima, Golden Chollima and Pressure Chollima — saying the original cluster remains focused on cyber espionage against industrial, logistics and defense companies, while the other two groups target cryptocurrency entities and all three still share tools and infrastructure. The group lineage includes earlier malware-framework evolution such as KorDLL, Hawup and TwoPence.

    Show sources