Cryptocore

Threat Actor updated 4 months ago (2024-05-04T17:39:55.235Z)

Download STIX

Preview STIX

CryptoCore, also known as UNC1069, is a threat actor linked to the North Korea-associated Advanced Persistent Threat (APT) group, Sapphire Sleet. This group, alternatively referred to as APT38, BlueNoroff, CageyChameleon, and CryptoCore, operates as a subgroup of the notorious Lazarus APT group. These entities are identified by their malicious cyber activities, typically executed with harmful intent against various targets, including private companies, government bodies, and individuals. The cybersecurity industry often uses unique naming conventions for these groups, although standards can vary significantly. BlueNoroff, one of the constituent entities of the Lazarus Group, is particularly noted for its sophisticated cyber-enabled heists. These operations frequently target the SWIFT system, an international network used by banks to send and receive information about financial transactions, as well as cryptocurrency exchanges. These activities form part of an intrusion set that is tracked under the name CryptoCore. The group's tactics have resulted in substantial financial losses, further underscoring the severity of the threat they pose. CryptoCore employs spear-phishing techniques to launch attacks on financial services and cryptocurrency exchanges. One of the primary tools in its arsenal is the LONEJOGGER malware. By impersonating trusted entities, CryptoCore manipulates users into revealing sensitive data, which is then exploited for illicit gain. As the cybersecurity landscape continues to evolve, understanding and mitigating the risks posed by threat actors like CryptoCore becomes increasingly critical.

Description last updated: 2024-01-06T06:31:16.557Z

What's your take? (Question 1 of 1)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.

ID	Votes	Profile Description
Sapphire Sleet	2	Sapphire Sleet, a threat actor linked to North Korea, has emerged as a significant cybersecurity concern. This group, characterized by its malicious intent, targets IT job seekers through the use of deceptive tactics. They have created bogus skills assessment portals, designed to lure unsuspecting i
Bluenoroff	2	BlueNoroff, a threat actor closely associated with the notorious Lazarus Group, has been actively involved in malicious cyber activities primarily targeting financial institutions and cryptocurrency businesses. Known for its sophisticated attacks on banks, casinos, fintech companies, POST software,

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Source Document References

Information about the Cryptocore Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
CERT-EU	10 months ago	Microsoft Warns of Fake Skills Assessment Portals Targeting IT Job Seekers – GIXtools
Securityaffairs	10 months ago	North Korea-linked APT Sapphire Sleet targets IT job seekers
CERT-EU	a year ago	Lazarus Subgroup Targeting Apple Devices with New RustBucket macOS Malware
CERT-EU	a year ago	North Korean Hackers Continue to Refine Their Arsenal of Tactics & Techniques