HOMETHREATSRuby Sleet
APT / THREAT GROUP

Ruby Sleet

🇰🇵North Korea-attributed
1
campaigns
2
aliases
Last seen:Mar 17, 2026

Intelligence Profile

Ruby Sleet is a threat actor linked to North Korea's Ministry of State Security. Cerium has been involved in spear-phishing campaigns, compromising devices, and conducting cyberattacks alongside other North Korean threat actors. They have also targeted companies involved in COVID-19 research and vaccine development.

Threat Analysis

Ruby Sleet is a known-sophistication threat actor attributed to North Korea, engaged in cyber operations with a primary motivation of unknown activity patterns.

Known Campaigns

Ruby Sleet — Active Operations March 2026

Ruby Sleet is a unknown-motivation threat actor attributed to North Korea. Ruby Sleet is a threat actor linked to North Korea's Ministry of State Security. Cerium has been involved in spear-phishing campaigns, compromising devices, and conducting cyberattacks alongside other North Korean threat actors. They have also targeted companies involved in COVID...

ACTIVEMEDIUM2026

External References

Quick Facts

TypeAPT / Threat Group
Origin🇰🇵 North Korea
Aliases2
SourceMalpedia

Also Known As

Ruby SleetCERIUM

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.
Ruby Sleet — APT / Threat Group | Threat Intelligence | CTIWATCH.COM