Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.
Also known as: Bureau 121, APT38, NewRomanic Cyber Army Team, COPERNICIUM, ATK117, G0032, DEV-0139, Stardust Chollima, Moonstone Sleet, BeagleBoyz, Whois Hacking Team, ZINC, Sapphire Sleet, Zinc, Appleworm, APT 38, DEV-1222, Operation GhostSecret, Andariel, G0082, COVELLITE, APT-C-26, Operation DarkSeoul, Subgroup: Bluenoroff, TA404, NICKEL GLADSTONE, Operation Troy, Citrine Sleet, Hastati Group, Unit 121, Hidden Cobra, Black Artemis, Group 77, Nickel Academy, Operation AppleJeus, Dark Seoul, Lazarus group, Labyrinth Chollima, ATK3, Diamond Sleet, Bluenoroff
Since 2009, HIDDEN COBRA actors have leveraged their capabilities to target and compromise a range of victims; some intrusions have resulted in the exfiltration of data while others have been disruptive in nature. Commercial reporting has referred to this activity as Lazarus Group and Guardians of Peace. Tools and capabilities used by HIDDEN COBRA actors include DDoS botnets, keyloggers, remote access tools (RATs), and wiper malware. Variants of malware and tools used by HIDDEN COBRA actors include Destover, Duuzer, and Hangman.
No exploited CVEs have been attributed to this threat actor yet.
Browse CVE Database