APT / THREAT GROUP

ELUSIVE COMET

🇰🇵 North Korea-attributed
Campaigns: 1
Aliases: 1
Last seen: Mar 17, 2026

Intelligence Profile

ELUSIVE COMET is a threat actor responsible for significant cryptocurrency theft through sophisticated social engineering attacks, particularly leveraging Zoom's remote control feature. Their attack methodology involves manipulating legitimate workflows and exploiting human-centric vulnerabilities rather than technical flaws. The actor employs tactics such as social proof, time pressure, and interface manipulation to deceive targets. Organizations can mitigate risks by implementing technical controls to disable the remote control feature and deploying email boundary protections like DMARC, SPF, and DKIM.

Threat Analysis

ELUSIVE COMET is a threat actor attributed to North Korea and engaged in cyber operations; this profile lists its primary motivation as unknown.

Known Campaigns

ELUSIVE COMET — Active Operations March 2026

ELUSIVE COMET is an unknown-motivation threat actor attributed to North Korea. ELUSIVE COMET is a threat actor responsible for significant cryptocurrency theft through sophisticated social engineering attacks, particularly leveraging Zoom's remote control feature. Their attack methodology involves manipulating legitimate workflows and exploiting human-centr...

ACTIVE | MEDIUM | 2026

Quick Facts

Type: APT / Threat Group
Origin: 🇰🇵 North Korea
Aliases: 1
Source: Malpedia

Also Known As

ELUSIVE COMET

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.