Uptime Hamster: 15d 5h 18mDeploy: 13 Jul 2026 08:04Updated: 2026-07-14
Logo del actor de amenaza Storm-0530

Storm-0530

0 incidentes 0 paises 0 sectores apt KP Ultimo: -
Aliases: DEV-0530, H0lyGh0st
Ver en IntelTracker → APTTrail →
Storm-0530, identified also as DEV-0530 and H0lyGh0st, is a North Korean state-sponsored threat actor first observed in June 2021. This group primarily focuses on financially motivated operations, using its custom H0lyGh0st ransomware to target small and mid-sized businesses (SMBs) globally. This targeting strategy distinguishes Storm-0530 from many other state-sponsored groups that typically concentrate on larger, higher-profile entities for espionage, though its activities contribute to North Korea's economic objectives.

Aliases del actor

DEV-0530H0lyGh0st

Actores similares

devmanransomware · 184stormousransomware · 177crimson-sandstormactor · 1Network Devicesactor · 1Compromise Software Dependencies and Development Toolsactor · 1Device Driver Discoveryactor · 1Storm-1811actor · 1Storm-0501apt · 1Dust Stormapt · 1CS FQL: 32. Detect Data Exfiltration via external storage devicesactor · 1
Tecnicas MITRE
T1195 - Supply Chain Compromise, T1113 - Screen Capture, T1078, T1059 - Command and Scripting Interpreter, T1059.001, T1027 - Obfuscated Files or Information
CVEs relacionadas
CVE-2023-46604, CVE-2023-42793, CVE-2023-27350, CVE-2023-22515, CVE-2021-44228
Tipo
apt
Pais origen
KP
Motivacion
-
Impacto
8
Actualizado
Sat, 03 Fe

Sectores objetivo (SOCRadar)

ManufacturingFinanceEducational ServicesArts & EntertainmentPublic AdministrationBanking