Cyber Resilience

Andariel · G0138 · state

🇰🇵 KP · RGB

aka Andariel, Silent Chollima, PLUTONIUM, Onyx Sleet

Last updated: 2026-07-03

- Attributed CVEs: 11
- ATT&CK techniques: 18
- IDF score (tooling uniqueness): 31.9
- Exclusive CVEs: 0
- Years active: 2018–2022

About this actor

[Andariel](https://attack.mitre.org/groups/G0138) is a North Korean state-sponsored threat group that has been active since at least 2009. [Andariel](https://attack.mitre.org/groups/G0138) has primarily focused its operations--which have included destructive attacks--against South Korean government agencies, military organizations, and a variety of domestic companies; they have also conducted cyber financial operations against ATMs, banks, and cryptocurrency exchanges. [Andariel](https://attack.mitre.org/groups/G0138)'s notable activity includes Operation Black Mine, Operation GoldenAxe, and Campaign Rifle.(Citation: FSI Andariel Campaign Rifle July 2017)(Citation: IssueMakersLab Andariel GoldenAxe May 2017)(Citation: AhnLab Andariel Subgroup of Lazarus June 2018)(Citation: TrendMicro New Andariel Tactics July 2018)(Citation: CrowdStrike Silent Chollima Adversary September 2021) [Andariel](https://attack.mitre.org/groups/G0138) is considered a sub-set of [Lazarus Group](https://attack.mitre.org/groups/G0032), and has been attributed to North Korea's Reconnaissance General Bureau.(Citation: Treasury North Korean Cyber Groups September 2019) North Korean group definitions are known to have significant overlap, and some security researchers report all North Korean state-sponsored cyber activity under the name [Lazarus Group](https://attack.mitre.org/groups/G0032) instead of tracking clusters or subgroups.

Source: MITRE ATT&CK

Profile

| CVE | Risk | CVSS | EPSS | Published | Products |
|---|---|---|---|---|---|
| CVE-2021-3018 | 8.0 | 9.8 | 0.7933 | 2021-01-05 | see CVE |
| CVE-2021-44142 | 8.0 | 8.8 | 0.7404 | 2022-02-21 | see CVE |
| CVE-2021-45837 | 8.0 | 9.8 | 0.8108 | 2022-04-25 | see CVE |
| CVE-2021-40684 | 7.0 | 9.1 | 0.0115 | 2021-09-22 | see CVE |
| CVE-2022-24663 | 7.0 | 9.9 | 0.0210 | 2022-02-16 | see CVE |
| CVE-2022-24664 | 7.0 | 9.9 | 0.0159 | 2022-02-16 | see CVE |
| CVE-2022-24665 | 7.0 | 9.9 | 0.0244 | 2022-02-16 | see CVE |
| CVE-2019-15637 | 6.0 | 8.1 | 0.2273 | 2019-08-26 | see CVE |
| CVE-2022-22005 | 6.0 | 8.8 | 0.1721 | 2022-02-09 | see CVE |
| CVE-2017-4946 | 5.5 | 7.8 | 0.0051 | 2018-01-05 | see CVE |
| CVE-2022-24785 | 5.5 | 7.5 | 0.0566 | 2022-04-04 | see CVE |

Mitigating controls (NIST 800-53)

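| Control | Techniques covered | Coverage |
|---|---|---|
| SI-3 | 9 / 18 | 50% |
| SI-4 | 9 / 18 | 50% |
| AC-4 | 7 / 18 | 39% |
| CA-7 | 7 / 18 | 39% |
| CM-2 | 7 / 18 | 39% |
| CM-6 | 7 / 18 | 39% |
| SC-7 | 7 / 18 | 39% |
| SI-2 | 6 / 18 | 33% |
| SC-44 | 5 / 18 | 28% |
| SI-7 | 5 / 18 | 28% |
| CM-7 | 4 / 18 | 22% |
| SI-8 | 4 / 18 | 22% |
| AC-6 | 3 / 18 | 17% |
| AC-3 | 2 / 18 | 11% |
| CM-8 | 2 / 18 | 11% |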
