Ricochet Chollima

North Korea


RICOCHET CHOLLIMA is a Democratic Peoples’ Republic of Korea (DPRK) targeted intrusion adversary that has been involved in espionage operations since at least 2016. RICOCHET CHOLLIMA’s observed operations have almost exclusively targeted the Republic of Korea (RoK) and are assessed to be focused on RoK government officials, non-governmental organizations (NGOs), academics, journalists, and DPRK de...

Community Identifiers



  • EN81DA7FwmIQrt2kzKUvy5e


  • 6MXVi9F2yD7vRZS

Contact our team about
IOCs for this adversary


During a cybersecurity incident, indicators of compromise (IoC) are clues and evidence of a data breach.