Pearl Sleet
Intelligence Profile
Pearl Sleet is a nation state activity group based in North Korea that has been active since at least 2012. They primarily target defectors from North Korea, media organizations in carrying out their cyber espionage activities.
Threat Analysis
Pearl Sleet is a advanced-sophistication threat actor attributed to North Korea, engaged in cyber operations with a primary motivation of espionage.
The group's espionage-oriented operations suggest a state-sponsored or state-aligned mandate, typically focused on stealing intellectual property, government secrets, or military intelligence. Targets are usually selected for strategic value rather than financial gain.
Classified as an advanced threat actor, Pearl Sleet likely develops or acquires zero-day exploits, employs custom malware toolchains, and demonstrates long-term persistence capabilities — hallmarks of a well-resourced operation consistent with nation-state backing.
Ransomware Victims (20)
CTIWATCH tracks 20 organizations claimed as victims by Pearl Sleet on its data leak site, with attack dates, sectors and countries.
View full victims list →Known Campaigns
Pearl Sleet is a espionage threat actor attributed to North Korea. Pearl Sleet is a nation state activity group based in North Korea that has been active since at least 2012. They primarily target defectors from North Korea, media organizations in carrying out their cyber espionage activities....
Pearl Sleet is conducting an active ransomware campaign targeting organizations across 1 country. Primary targets: Business Services, Education, Financial Services. 20 confirmed victims recorded in the last 45 days. Campaign status: ACTIVE (last activity 10 Apr 2026).