This is the Trace Id: 136d9c2db7e604f59cc6b71df0d81902
Skip to main content Security Insider Cyber Pulse Microsoft Digital Defense Report Threat landscape Emerging trends Risk management Leadership perspectives Operations Sign up for CISO Digest Microsoft Security Azure Dynamics 365 Microsoft 365 Microsoft Teams Windows 365 Microsoft AI Azure Space Mixed reality Microsoft HoloLens Microsoft Viva Quantum computing Sustainability Education Automotive Financial services Government Healthcare Manufacturing Retail Find a partner Become a partner Partner Network Microsoft Marketplace Software companies Blog Microsoft Advertising Developer Center Documentation Events Licensing Microsoft Learn Microsoft Research View Sitemap

Groups in Development Threat Actor Storm-0530

Download
Share
Blue hexagon pattern with O/O text.
A group of actors originating from North Korea that Microsoft tracks as Storm-0530 (formerly DEV-0530) has been developing and using ransomware in attacks since June 2021. This group, which calls itself H0lyGh0st, utilizes a ransomware payload with the same name for its campaigns and has successfully compromised small businesses in multiple countries as early as September 2021. Microsoft assesses that Storm-0530 has connections with another North Korean-based group tracked as Onyx Sleet (formerly PLUTONIUM, aka DarkSeoul or Andariel). While the use of H0lyGh0st ransomware in campaigns is unique to Storm-0530, Microsoft has observed communications between the two groups, as well as Storm-0530 using tools created exclusively by Onyx Sleet.

DETAILS

Also known as:

  • H0lyGh0st

Countries targeted:

  • North Korea

Microsoft Threat Intelligence: Recent Storm-0530 Articles

North Korean threat actor targets small and midsize businesses with H0lyGh0st ransomware

Learn more

Follow Microsoft Security

Surface Pro Surface Laptop Surface Laptop Studio 2 Copilot for organizations Copilot for personal use AI in Windows Explore Microsoft products Windows 11 apps Account profile Download Center Microsoft Store support Returns Order tracking Certified Refurbished Microsoft Store Promise Flexible Payments Microsoft in education Devices for education Microsoft Teams for Education Microsoft 365 Education How to buy for your school Educator training and development Deals for students and parents AI for education
Microsoft AI Microsoft Security Dynamics 365 Microsoft 365 Microsoft Power Platform Microsoft Teams Microsoft 365 Copilot Small Business Azure Microsoft Developer Microsoft Learn Support for AI marketplace apps Microsoft Tech Community Microsoft Marketplace Software companies Visual Studio Careers About Microsoft Company news Privacy at Microsoft Investors Diversity and inclusion Accessibility Sustainability
English (United States) Consumer Health Privacy Sitemap Contact Microsoft Privacy Manage cookies Terms of use Trademarks Safety & eco Recycling About our ads