Five Steps for Frontier AI Security Readiness Download

Ricochet Chollima

Discover the adversaries targeting your industry

Back to Adversary Universe
chollimaalt

RICOCHET CHOLLIMA is a Democratic Peoples’ Republic of Korea (DPRK)-nexus targeted intrusion adversary that has been involved in espionage operations since at least 2016. RICOCHET CHOLLIMA’s observed operations have almost exclusively targeted the Republic of Korea (ROK) and are assessed to be focused on ROK government officials, non-governmental organizations (NGOs), academics, journalists, and D...

  • Ricochet Chollima

  • North Korea, East Asia, Asia

Community Identifiers

ITG10, Red Eyes, Venus121, Inky Squid, Pearl Sleet, TA-RedAnt, ScarCruft, APT37, Group123, Moldy Pisces

Objective

Intelligence Gathering

Motivation

State-Sponsored

Contact sales

Thank you for your request!

A member of our team will be in touch shortly

Contact our team about IOCs for this adversary

During a cybersecurity incident, indicators of compromise (IoC) are clues and evidence of a data breach.
Contact us
Adversaries Map

Who's targeting your industry?

Today's adversaries are faster, smarter, and better resourced. Know who they are and how to stop them.

View adversaries
Threat Hunting report spread

CrowdStrike 2025 Threat Hunting Report


Adversaries weaponize and target AI at scale.
Learn more