Cryptocore

Threat Actor Profile Updated 3 months ago
CryptoCore, also known as UNC1069, is a threat actor linked to Sapphire Sleet, a North Korea-associated Advanced Persistent Threat (APT) group. This group, alternatively referred to as APT38, BlueNoroff, CageyChameleon, and CryptoCore, operates as a subgroup of the notorious Lazarus APT group. These entities conduct malicious cyber activity against various targets, including private companies, government bodies, and individuals. The cybersecurity industry often uses unique naming conventions for these groups, although standards can vary significantly.

BlueNoroff, one of the constituent entities of the Lazarus Group, is particularly noted for its sophisticated cyber-enabled heists. These operations frequently target the SWIFT system, an international network used by banks to send and receive information about financial transactions, as well as cryptocurrency exchanges. These activities form part of an intrusion set that is tracked under the name CryptoCore. The group's tactics have resulted in substantial financial losses, underscoring the severity of the threat it poses.

CryptoCore employs spear-phishing techniques to launch attacks on financial services and cryptocurrency exchanges. One of the primary tools in its arsenal is the LONEJOGGER malware. By impersonating trusted entities, CryptoCore manipulates users into revealing sensitive data, which is then exploited for illicit gain. As the cybersecurity landscape continues to evolve, understanding and mitigating the risks posed by threat actors like CryptoCore becomes increasingly critical.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
| ID | Votes | Profile Description |
|---|---|---|
| Bluenoroff | 2 | BlueNoroff, a threat actor closely associated with the notorious Lazarus Group, has been actively involved in malicious cyber activities primarily targeting financial institutions and cryptocurrency businesses. Known for its sophisticated attacks on banks, casinos, fintech companies, POST software, |
| Sapphire Sleet | 2 | Sapphire Sleet is a threat actor, or malicious entity, that is linked to North Korea. This group has been identified as an Advanced Persistent Threat (APT), known for executing sophisticated and continuous cyberattacks. Sapphire Sleet has been particularly active in targeting IT job seekers through |
| APT38 | 1 | APT38, also known as TA444, BlueNoroff, BlackAlicanto, Copernicium, Sapphire Sleet, Stardust Chollima, and TraderTraitor, is a threat actor group suspected to be backed by the North Korean regime. The group has been active in operations across over 16 organizations in at least 11 countries, primaril |
| Cageychameleon | 1 | None |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
APT
Phishing
Malware
Associated Malware
No associations to display
Associated Threat Actors
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Lazarus Group | Unspecified | 1 | The Lazarus Group, a notorious threat actor believed to be linked to North Korea, has been attributed with a series of significant cyber-attacks over the past few years. The group's malicious activities include the exploitation of digital infrastructure, stealing cryptocurrency, and executing large- |
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Cryptocore Threat Actor was read from the documents corpus below.
| Source | Created At | Title |
|---|---|---|
| CERT-EU | 8 months ago | Microsoft Warns of Fake Skills Assessment Portals Targeting IT Job Seekers – GIXtools |
| Securityaffairs | 8 months ago | North Korea-linked APT Sapphire Sleet targets IT job seekers |
| CERT-EU | a year ago | Lazarus Subgroup Targeting Apple Devices with New RustBucket macOS Malware |
| CERT-EU | 10 months ago | North Korean Hackers Continue to Refine Their Arsenal of Tactics & Techniques |