Uptime Hamster: 15d 4h 13mDeploy: 13 Jul 2026 08:04Updated: 2026-07-14
Logo del actor de amenaza holyghost

holyghost

2 incidentes 2 paises 1 sectores ransomware KR Ultimo: 2026-06-29
Aliases: H0lyGh0st, Storm-0530, DEV-0530
Ver en IntelTracker → APTTrail →
HolyGhost, also known as H0lyGh0st and tracked by Microsoft as DEV-0530 (later Storm-0530), is a North Korean ransomware group that first emerged in June 2021, evolving its malware from C++-based SiennaPurple variants to Go-based SiennaBlue variants by late 2021. The group is assessed with high confidence to be of North Korean origin, with suspected ties to state-backed groups like PLUTONIUM (also known as DarkSeoul or Andariel). HolyGhost's primary motivation is financial gain through extortion, often targeting small-to-midsize businesses globally, a strategy that distinguishes them from groups focusing solely on large enterprises. They are notable for their double extortion tactics, a willingness to negotiate ransom demands to significantly lower amounts, and their unusual practice of presenting themselves as ethical hackers offering security advice to victims, despite their mercenary intentions. The group has operated under several names, including its ransomware variants SiennaPurp

Aliases del actor

H0lyGh0stStorm-0530DEV-0530

Actores similares

Storm-0530apt · 0devmanransomware · 184stormousransomware · 177crimson-sandstormactor · 1Network Devicesactor · 1Compromise Software Dependencies and Development Toolsactor · 1Device Driver Discoveryactor · 1Storm-1811actor · 1Storm-0501apt · 1Dust Stormapt · 1

Canales, DLS e infraestructura asociada

Clasificacion automatica desde IntelTracker/APTTrail/OSINT. Estado real solo si viene indicado por la fuente.

TipoEstadoHost / enlaceTitle / ultimo titulo
DLS / onionupmatmq3z3hiovia3voe2tix2x54sghc3tszj74xgdy4tqtypoycszqzqd.onionholyghost
DLS / leak siteupransomware.anggipradana.comRansomware Group: holyghost
Tecnicas MITRE
T1486, T1059, T1071.001, T1003.001
Victimas
0
TTPs unicas
0
Info robada historica
N/D
Rescates reclamados
N/D
Pagos detectados
N/D

Paises afectados

United States (1) North Korea (1)

Paises objetivo (SOCRadar)

IndiaJapanKorea, Democratic People's Republic ofKorea, Republic ofUnited States

Sectores atacados

Education (1)

Sectores objetivo (SOCRadar)

Food ManufacturingMonetary Authorities-Central BankEnterprises & HoldingAccommodationManufacturingPublic AdministrationEducational ServicesSpace & DefenseEnergy & Utilities Accommodation&Food Services

URLs nuevas detectadas en IntelTracker

ransomware.anggipradana.com