STARDUST CHOLLIMA

216.73.216.226

· Published 16/12/2025 19:39 · Modified 04/05/2026 16:33 · Source: The MITRE Corporation

Essential information

Confidence: 100/100
Published: 16/12/2025 19:39
Modified: 04/05/2026 16:33
Updated at: 04/05/2026 16:33
Revoked: No
Author / Source: The MITRE Corporation
Resource level: —
Primary motivation: —
Related entities: 1 reports, 97 attack patterns (mitre), 24 malware, 7 sectors, 20 countries, 100 indicators, 53 vulnerabilities (cve), 2 tool

Aliases

NICKEL GLADSTONE BeagleBoyz Stardust Chollima Sapphire Sleet COPERNICIUM Bluenoroff APT38

Description

[APT38](https://attack.mitre.org/groups/G0082) is a North Korean state-sponsored threat group that specializes in financial cyber operations; it has been attributed to the Reconnaissance General Bureau.(Citation: CISA AA20-239A BeagleBoyz August 2020) Active since at least 2014, [APT38](https://attack.mitre.org/groups/G0082) has targeted banks, financial institutions, casinos, cryptocurrency exchanges, SWIFT system endpoints, and ATMs in at least 38 countries worldwide. Significant operations include the 2016 Bank of Bangladesh heist, during which [APT38](https://attack.mitre.org/groups/G0082) stole $81 million, as well as attacks against Bancomext (Citation: FireEye APT38 Oct 2018) and Banco de Chile (Citation: FireEye APT38 Oct 2018); some of their attacks have been destructive.(Citation: CISA AA20-239A BeagleBoyz August 2020)(Citation: FireEye APT38 Oct 2018)(Citation: DOJ North Korea Indictment Feb 2021)(Citation: Kaspersky Lazarus Under The Hood Blog 2017) North Korean group definitions are known to have significant overlap, and some security researchers report all North Korean state-sponsored cyber activity under the name [Lazarus Group](https://attack.mitre.org/groups/G0032) instead of tracking clusters or subgroups.