Jade Sleet

Threat Actor updated 2 months ago (2024-11-29T13:55:57.605Z)

Download STIX

Preview STIX

Jade Sleet, also known as TraderTraitor and UNC4899, is a North Korean state-sponsored threat actor that primarily targets blockchain and cryptocurrency companies. GitHub has expressed "high confidence" that this group is behind an ongoing campaign targeting personal user accounts associated with blockchain, cryptocurrency, and online gambling sectors. The group's activities support Pyongyang's objectives, and they have been implicated in the JumpCloud hack and other major cybersecurity incidents. In addition to these sectors, Jade Sleet has also targeted vendors used by the affected firms, broadening their attack surface. In July 2023, GitHub disclosed details of a campaign where adversaries tracked as TraderTraitor (aka Jade Sleet) utilized fake personas to target the cybersecurity sector among others. This campaign involved the use of GitHub repos and weaponized npm packages in a sophisticated spear-phishing scheme aimed at employees of cryptocurrency and technology organizations. Sometimes, these actors even take over legitimate accounts to further their malicious activities, as noted by GitHub's Alexis Wales. Despite similarities in their targets, Jade Sleet differentiates itself from another prolific North Korean actor, Lazarus, through unique structures and styles in its malicious code packages. This differentiation was discovered by CheckMarx, highlighting the group's distinct operational methods. Microsoft and the U.S. law enforcement agency have attributed these attacks to Jade Sleet, underscoring the group's significant role in the landscape of cyber threats.

Description last updated: 2024-09-10T03:19:41.676Z

What's your take? (Question 1 of 2)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
Unc4899 is a possible alias for Jade Sleet. UNC4899, also known as Slow Pisces, TraderTraitor, and Jade Sleet, is a threat actor group that has been identified as a significant cybersecurity concern. This group has primarily targeted companies operating in the blockchain and cryptocurrency sectors, deploying sophisticated spear-phishing attac	2

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Github

Korean

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Source Document References

Information about the Jade Sleet Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
Unit42	4 months ago	Threat Assessment: North Korean Threat Groups
DARKReading	7 months ago	North Korea's Moonstone Sleet Widens Distribution of Malicious Code
DARKReading	8 months ago	Asian Threat Actors Use New Techniques to Attack Familiar Targets
CERT-EU	a year ago	North Korean Hackers Pose as Job Recruiters and Seekers in Malware Campaigns
CERT-EU	a year ago	North Korean Cyberspies Target GitHub Developers
CERT-EU	a year ago	North Korean Hackers Exploit Zero-Day Bug to Target Cybersecurity Researchers
CERT-EU	a year ago	North Korean Affiliates Suspected in $40M Cryptocurrency Heist, FBI Warns
BankInfoSecurity	a year ago	JumpCloud Hackers Likely Targeting GitHub Accounts Too
CERT-EU	a year ago	Cyber Security Week In Review: July 21, 2023
CERT-EU	a year ago	GitHub Warns of North Korean Social Engineering Attacks Targeting Tech Firm Employees
CERT-EU	a year ago	GitHub Developers Targeted by North Korea’s Lazarus Group
CERT-EU	a year ago	GitHub Warns of North Korean Social Engineering Attacks Targeting Tech Firm Employees