Ricochet Chollima

Ricochet Chollima (also known as APT 37, Reaper, and ScarCruft) is a North Korean state backed hacker group that is believed to have been created sometime before 2016 and is typically involved in operations against financial institutions to generate assets for North Korea, but also conducts attacks on the industrial sector in other countries. CrowdStrike has stated that the group mainly attacks a variety of South Korean organizations and individuals, including academics, journalists, and North Korean defectors. But also stated the group has also engaged in attacks against Japan, Vietnam, Hong Kong, the Middle East, Russia, and the United States. FireEye has called the group "the overlooked North Korean threat actor."

History
The group is believed to have been founded sometime around 2012, according to FireEye.

In January 2021 the group was found to be using a Trojan horse for a spear-phishing campaign that targeted the South Korean government.

NPO Mashinostroyeniya, a Russian ballistic missile manufacturer was allegedly hacked by the group in 2023, as discovered by SentinelOne.