Cryptocore

Threat Actor Profile Updated 25 days ago
Download STIX
Preview STIX
CryptoCore, also known as UNC1069, is a threat actor linked to the North Korea-associated Advanced Persistent Threat (APT) group, Sapphire Sleet. This group, alternatively referred to as APT38, BlueNoroff, CageyChameleon, and CryptoCore, operates as a subgroup of the notorious Lazarus APT group. These entities are identified by their malicious cyber activities, typically executed with harmful intent against various targets, including private companies, government bodies, and individuals. The cybersecurity industry often uses unique naming conventions for these groups, although standards can vary significantly. BlueNoroff, one of the constituent entities of the Lazarus Group, is particularly noted for its sophisticated cyber-enabled heists. These operations frequently target the SWIFT system, an international network used by banks to send and receive information about financial transactions, as well as cryptocurrency exchanges. These activities form part of an intrusion set that is tracked under the name CryptoCore. The group's tactics have resulted in substantial financial losses, further underscoring the severity of the threat they pose. CryptoCore employs spear-phishing techniques to launch attacks on financial services and cryptocurrency exchanges. One of the primary tools in its arsenal is the LONEJOGGER malware. By impersonating trusted entities, CryptoCore manipulates users into revealing sensitive data, which is then exploited for illicit gain. As the cybersecurity landscape continues to evolve, understanding and mitigating the risks posed by threat actors like CryptoCore becomes increasingly critical.
What's your take? (Question 1 of 1)
44b4a88b-d992-46d8-8044-1375155d9cd1 Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Sapphire Sleet
2
Sapphire Sleet is a North Korea-linked Advanced Persistent Threat (APT) group known for its malicious cyber activities. The threat actor has been identified as targeting IT job seekers through the creation of bogus skills assessment portals, leveraging these platforms to infiltrate systems and gathe
Bluenoroff
2
BlueNoroff is a financially motivated threat actor closely associated with the Lazarus Group, which is linked to North Korean state-sponsored hackers. The group targets banks, casinos, fintech companies, POST software and cryptocurrency businesses, and ATMs. It has been responsible for several malic
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the Cryptocore Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
CERT-EU
a year ago
Lazarus Subgroup Targeting Apple Devices with New RustBucket macOS Malware
Securityaffairs
7 months ago
North Korea-linked APT Sapphire Sleet targets IT job seekers
CERT-EU
8 months ago
North Korean Hackers Continue to Refine Their Arsenal of Tactics & Techniques
CERT-EU
7 months ago
Microsoft Warns of Fake Skills Assessment Portals Targeting IT Job Seekers – GIXtools