Cryptocore

Threat Actor updated 7 months ago (2024-05-04T17:39:55.235Z)

Download STIX

Preview STIX

CryptoCore, also known as UNC1069, is a threat actor linked to the North Korea-associated Advanced Persistent Threat (APT) group, Sapphire Sleet. This group, alternatively referred to as APT38, BlueNoroff, CageyChameleon, and CryptoCore, operates as a subgroup of the notorious Lazarus APT group. These entities are identified by their malicious cyber activities, typically executed with harmful intent against various targets, including private companies, government bodies, and individuals. The cybersecurity industry often uses unique naming conventions for these groups, although standards can vary significantly. BlueNoroff, one of the constituent entities of the Lazarus Group, is particularly noted for its sophisticated cyber-enabled heists. These operations frequently target the SWIFT system, an international network used by banks to send and receive information about financial transactions, as well as cryptocurrency exchanges. These activities form part of an intrusion set that is tracked under the name CryptoCore. The group's tactics have resulted in substantial financial losses, further underscoring the severity of the threat they pose. CryptoCore employs spear-phishing techniques to launch attacks on financial services and cryptocurrency exchanges. One of the primary tools in its arsenal is the LONEJOGGER malware. By impersonating trusted entities, CryptoCore manipulates users into revealing sensitive data, which is then exploited for illicit gain. As the cybersecurity landscape continues to evolve, understanding and mitigating the risks posed by threat actors like CryptoCore becomes increasingly critical.

Description last updated: 2024-01-06T06:31:16.557Z

What's your take? (Question 1 of 1)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
Sapphire Sleet is a possible alias for Cryptocore. Sapphire Sleet is a North Korea-linked Advanced Persistent Threat (APT) group known for its malicious activities. As a threat actor, Sapphire Sleet has been identified as the entity behind the execution of actions with harmful intent. The group's operations are sophisticated and persistent, targetin	2
Bluenoroff is a possible alias for Cryptocore. BlueNoroff, a threat actor group linked to North Korea, has been identified as the malicious entity behind several high-profile cyber-attacks. Since first making headlines with an attack on Sony Pictures in 2014, BlueNoroff and its parent group Lazarus have been involved in numerous notorious securi	2

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Source Document References

Information about the Cryptocore Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
CERT-EU	a year ago	Microsoft Warns of Fake Skills Assessment Portals Targeting IT Job Seekers – GIXtools
Securityaffairs	a year ago	North Korea-linked APT Sapphire Sleet targets IT job seekers
CERT-EU	2 years ago	Lazarus Subgroup Targeting Apple Devices with New RustBucket macOS Malware
CERT-EU	a year ago	North Korean Hackers Continue to Refine Their Arsenal of Tactics & Techniques