Cyber Resilience

Threat actor · all actors

Storm-0530MISP-47945864 state

🇰🇵 KP

aka Storm-0530, DEV-0530, H0lyGh0st

Last updated: 2026-07-03

11attributed CVEs
0ATT&CK techniques
31.9IDF score (tooling uniqueness)
0exclusive CVEs
2018–2022years active

About this actor

H0lyGh0st is a North Korean threat actor that has been active since June 2021. They are responsible for developing and deploying the H0lyGh0st ransomware, which targets small-to-medium businesses in various sectors. The group employs "double extortion" tactics, encrypting data and threatening to publish it if the ransom is not paid. There are connections between H0lyGh0st and the PLUTONIUM APT group, indicating a possible affiliation.

Activity timeline

Profile

CVERiskCVSSEPSSPublishedProducts
CVE-2021-3018 8.09.80.79332021-01-05see CVE
CVE-2021-44142 8.08.80.74042022-02-21see CVE
CVE-2021-45837 8.09.80.81082022-04-25see CVE
CVE-2021-40684 7.09.10.01152021-09-22see CVE
CVE-2022-24663 7.09.90.02102022-02-16see CVE
CVE-2022-24664 7.09.90.01592022-02-16see CVE
CVE-2022-24665 7.09.90.02442022-02-16see CVE
CVE-2019-15637 6.08.10.22732019-08-26see CVE
CVE-2022-22005 6.08.80.17212022-02-09see CVE
CVE-2017-4946 5.57.80.00512018-01-05see CVE
CVE-2022-24785 5.57.50.05662022-04-04see CVE

No techniques attributed.

Co-occurring actors

Similar actors

Overlapping CVEs

Active in same years