Jade Sleet

Threat Actor updated a day ago (2024-09-10T04:18:39.692Z)
Download STIX
Preview STIX
Jade Sleet, also known as TraderTraitor and UNC4899, is a North Korean state-sponsored threat actor that primarily targets blockchain and cryptocurrency companies. GitHub has expressed "high confidence" that this group is behind an ongoing campaign targeting personal user accounts associated with blockchain, cryptocurrency, and online gambling sectors. The group's activities support Pyongyang's objectives, and they have been implicated in the JumpCloud hack and other major cybersecurity incidents. In addition to these sectors, Jade Sleet has also targeted vendors used by the affected firms, broadening their attack surface. In July 2023, GitHub disclosed details of a campaign where adversaries tracked as TraderTraitor (aka Jade Sleet) utilized fake personas to target the cybersecurity sector among others. This campaign involved the use of GitHub repos and weaponized npm packages in a sophisticated spear-phishing scheme aimed at employees of cryptocurrency and technology organizations. Sometimes, these actors even take over legitimate accounts to further their malicious activities, as noted by GitHub's Alexis Wales. Despite similarities in their targets, Jade Sleet differentiates itself from another prolific North Korean actor, Lazarus, through unique structures and styles in its malicious code packages. This differentiation was discovered by CheckMarx, highlighting the group's distinct operational methods. Microsoft and the U.S. law enforcement agency have attributed these attacks to Jade Sleet, underscoring the group's significant role in the landscape of cyber threats.
Description last updated: 2024-09-10T03:19:41.676Z
What's your take? (Question 1 of 2)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Unc4899
2
UNC4899, also known as Slow Pisces, TraderTraitor, and Jade Sleet, is a threat actor group that has been identified as a significant cybersecurity concern. This group has primarily targeted companies operating in the blockchain and cryptocurrency sectors, deploying sophisticated spear-phishing attac
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Github
Korean
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Source Document References
Information about the Jade Sleet Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
Unit42
a day ago
Threat Assessment: North Korean Threat Groups
DARKReading
3 months ago
North Korea's Moonstone Sleet Widens Distribution of Malicious Code
DARKReading
4 months ago
Asian Threat Actors Use New Techniques to Attack Familiar Targets
CERT-EU
10 months ago
North Korean Hackers Pose as Job Recruiters and Seekers in Malware Campaigns
CERT-EU
a year ago
North Korean Cyberspies Target GitHub Developers
CERT-EU
a year ago
North Korean Hackers Exploit Zero-Day Bug to Target Cybersecurity Researchers
CERT-EU
a year ago
North Korean Affiliates Suspected in $40M Cryptocurrency Heist, FBI Warns
BankInfoSecurity
a year ago
JumpCloud Hackers Likely Targeting GitHub Accounts Too
CERT-EU
a year ago
Cyber Security Week In Review: July 21, 2023
CERT-EU
a year ago
GitHub Warns of North Korean Social Engineering Attacks Targeting Tech Firm Employees
CERT-EU
a year ago
GitHub Developers Targeted by North Korea’s Lazarus Group
CERT-EU
a year ago
GitHub Warns of North Korean Social Engineering Attacks Targeting Tech Firm Employees