Trace Id is missing

Nation State Actor

Storm-0530

A close-up of a planet
A group of actors originating from North Korea that Microsoft tracks as Storm-0530 (formerly DEV-0530) has been developing and using ransomware in attacks since June 2021. This group, which calls itself H0lyGh0st, utilizes a ransomware payload with the same name for its campaigns and has successfully compromised small businesses in multiple countries as early as September 2021. Microsoft assesses that Storm-0530 has connections with another North Korean-based group tracked as Onyx Sleet (formerly PLUTONIUM, aka DarkSeoul or Andariel). While the use of H0lyGh0st ransomware in campaigns is unique to Storm-0530, Microsoft has observed communications between the two groups, as well as Storm-0530 using tools created exclusively by Onyx Sleet.

Also known as: 

 

H0lyGh0st   

                                         

                                                                                                      

Countries targeted:

 

North Korea

Microsoft Threat Intelligence: Recent Storm-0530 Articles

North Korean threat actor targets small and midsize businesses with H0lyGh0st ransomware

Follow Microsoft Security