ThreatCluster

Chollima APT Targets Activists with LNK File Malware in Operation: ToyBox Story

First seen 3 Feb 2026, 16:06 UTC GbhackersCybersecuritynewsCyberpress 94% similarity 43

Article Content

Browse articles
ThreatCluster

The Ricochet Chollima APT group has initiated a campaign against activists and organizations focused on North Korea, starting in March 2025. This operation, dubbed 'Operation: ToyBox Story,' employs social engineering tactics and malware delivered via spear-phishing emails that appear legitimate to the recipients.

ThreatCluster AI

Community

Browse all →