This TLP:RED session is presented by a practitioner from an RH-ISAC member organization who experienced an event attributed to Famous Chollima (AKA UNC5267, Nickel Tapestry, ), a North Korean state-backed threat actor. This threat actor conducts operations to illicitly obtain freelance or full-time IT positions to earn a salary that can be funneled to fund North Korea’s weapons programs. In this session, they will discuss how they detected it, how the investigation was conducted, their incident response process, and lessons learned tactically, operationally, and strategically. They will also discuss TTPs and IOCs we observed.
This session is open to RH-ISAC Core Members only.
