Threat actor · all actors
Storm-0530MISP-47945864 state
🇰🇵 KP
aka Storm-0530, DEV-0530, H0lyGh0st
Last updated: 2026-07-03
11attributed CVEs
0ATT&CK techniques
31.9IDF score (tooling uniqueness)
0exclusive CVEs
2018–2022years active
About this actor
H0lyGh0st is a North Korean threat actor that has been active since June 2021. They are responsible for developing and deploying the H0lyGh0st ransomware, which targets small-to-medium businesses in various sectors. The group employs "double extortion" tactics, encrypting data and threatening to publish it if the ransom is not paid. There are connections between H0lyGh0st and the PLUTONIUM APT group, indicating a possible affiliation.
Activity timeline
- 2022 — 7 CVE published
- 2021 — 2 CVE published
- 2019 — 1 CVE published
- 2018 — 1 CVE published
Profile
| CVE | Risk | CVSS | EPSS | Published | Products |
|---|---|---|---|---|---|
CVE-2021-3018 | 8.0 | 9.8 | 0.7933 | 2021-01-05 | see CVE |
CVE-2021-44142 | 8.0 | 8.8 | 0.7404 | 2022-02-21 | see CVE |
CVE-2021-45837 | 8.0 | 9.8 | 0.8108 | 2022-04-25 | see CVE |
CVE-2021-40684 | 7.0 | 9.1 | 0.0115 | 2021-09-22 | see CVE |
CVE-2022-24663 | 7.0 | 9.9 | 0.0210 | 2022-02-16 | see CVE |
CVE-2022-24664 | 7.0 | 9.9 | 0.0159 | 2022-02-16 | see CVE |
CVE-2022-24665 | 7.0 | 9.9 | 0.0244 | 2022-02-16 | see CVE |
CVE-2019-15637 | 6.0 | 8.1 | 0.2273 | 2019-08-26 | see CVE |
CVE-2022-22005 | 6.0 | 8.8 | 0.1721 | 2022-02-09 | see CVE |
CVE-2017-4946 | 5.5 | 7.8 | 0.0051 | 2018-01-05 | see CVE |
CVE-2022-24785 | 5.5 | 7.5 | 0.0566 | 2022-04-04 | see CVE |
No techniques attributed.
Co-occurring actors
- Lazarus Group 11 shared CVEs
- Andariel 11 shared CVEs
- Maui ransomware 11 shared CVEs
Similar actors
Overlapping CVEs
- Andariel 1.00
- Maui ransomware 1.00
- Lazarus Group 0.92
Active in same years
- Lazarus Group 4.00
- Andariel 4.00
- Maui ransomware 4.00
- APT29 2.00
- C0018 1.00
Same nation-state
- Operation Dream Job 1.00
- 3CX Supply Chain Attack 1.00
- Lazarus Group 1.00
- APT37 1.00
- APT38 1.00
Same category
- Night Dragon 1.00
- FunnyDream 1.00
- C0011 1.00
- Operation Wocao 1.00
- Operation Dream Job 1.00