HolyGhost (tracked by Microsoft as DEV-0530) is a North Korean state-linked ransomware group active since June 2021, associated with the Andariel threat group, targeting small to mid-sized businesses in financial services, manufacturing, education, and entertainment globally.
This group has 0 victims. The victim list API is currently responding slowly for this dataset. Country, sector, and infostealer breakdowns are not available at this time. Basic stats (victim count, first/last seen) are shown above from a faster data source.