This is the Trace Id: 36d66b134a1ef38317ffc6edfb971f39
Skip to main content Emerging threats Microsoft Digital Defense Reports Cyber Signals reports Nation state reports More reports Practical cyber defense Meet the experts AI Business email compromise Cybercrime Cyber influence operations DDoS Identity IoT and OT Nation state reports Phishing Ransomware Threat actors Vulnerabilities Français Microsoft Security Azure Dynamics 365 Microsoft 365 Microsoft Teams Windows 365 Microsoft AI Azure Space Mixed reality Microsoft HoloLens Microsoft Viva Quantum computing Sustainability Education Automotive Financial services Government Healthcare Manufacturing Retail Find a partner Become a partner Partner Network Microsoft Marketplace Software companies Blog Microsoft Advertising Developer Center Documentation Events Licensing Microsoft Learn Microsoft Research View Sitemap

Join RSAC executive panel session on March 24 “AI agents are here! Are you ready?”.

Register now

Nation State Actor

Storm-0530

Download
Share
A close-up of a planet
A group of actors originating from North Korea that Microsoft tracks as Storm-0530 (formerly DEV-0530) has been developing and using ransomware in attacks since June 2021. This group, which calls itself H0lyGh0st, utilizes a ransomware payload with the same name for its campaigns and has successfully compromised small businesses in multiple countries as early as September 2021. Microsoft assesses that Storm-0530 has connections with another North Korean-based group tracked as Onyx Sleet (formerly PLUTONIUM, aka DarkSeoul or Andariel). While the use of H0lyGh0st ransomware in campaigns is unique to Storm-0530, Microsoft has observed communications between the two groups, as well as Storm-0530 using tools created exclusively by Onyx Sleet.

Also known as: 

 

H0lyGh0st   

                                         

                                                                                                      

Countries targeted:

 

North Korea

Microsoft Threat Intelligence: Recent Storm-0530 Articles

North Korean threat actor targets small and midsize businesses with H0lyGh0st ransomware

Learn more

Follow Microsoft Security

Surface Pro Surface Laptop Surface Laptop Studio 2 Copilot for organizations Copilot for personal use AI in Windows Explore Microsoft products Windows 11 apps Account profile Download Center Microsoft Store Support Returns Order tracking Microsoft Store Promise Microsoft in education Devices for education Microsoft Teams for Education Microsoft 365 Education Office Education Educator training and development Deals for students and parents Azure for students
Microsoft AI Microsoft Security Azure Dynamics 365 Microsoft 365 Microsoft Advertising Microsoft 365 Copilot Microsoft Teams Microsoft Developer Microsoft Learn Support for AI marketplace apps Microsoft Tech Community Microsoft Marketplace Microsoft Power Platform Software companies Visual Studio Careers About Microsoft Company news Privacy at Microsoft Investors Diversity and inclusion Accessibility Sustainability
English (Canada) Consumer Health Privacy Contact Microsoft Privacy Manage cookies Terms of use Trademarks About our ads