Jade Sleet

Threat Actor Profile Updated 14 days ago
Jade Sleet, also known as TraderTraitor and UNC4899, is a North Korea-based threat actor that has been actively targeting personal GitHub user accounts connected to the blockchain, cryptocurrency, and online gambling sectors. The group was first identified by Microsoft and has since been tracked with high confidence by GitHub as the entity behind an ongoing cyber-espionage campaign. Jade Sleet primarily targets users and vendors associated with cryptocurrency and other blockchain-related organizations. The group has also been implicated in the JumpCloud hack, demonstrating its extensive reach and capability.

The group's modus operandi relies on social engineering and spear-phishing to compromise targeted systems. In July 2023, GitHub disclosed an npm campaign in which Jade Sleet used fake personas to target the cybersecurity sector, among others. The threat actor impersonates developers or recruiters, either creating fake persona accounts on platforms like GitHub, LinkedIn, Slack, and Telegram or taking control of legitimate accounts to carry out its operations. In some cases, the group has weaponized npm packages and used GitHub repositories in its campaigns.

The US government and law enforcement agencies have attributed the blockchain activity and stolen cryptocurrency funds to this adversary. These activities are believed to support Pyongyang's objectives, indicating state sponsorship. Given the significant threat posed by Jade Sleet, organizations, particularly in the technology, cryptocurrency, and blockchain sectors, should remain vigilant and strengthen their security postures to mitigate potential attacks.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
GitHub
Korean
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Jade Sleet Threat Actor was read from the documents corpus below.
| Source | Created At | Title |
| --- | --- | --- |
| CERT-EU | 10 months ago | GitHub Warns of North Korean Social Engineering Attacks Targeting Tech Firm Employees |
| CERT-EU | 10 months ago | GitHub Developers Targeted by North Korea’s Lazarus Group |
| CERT-EU | 10 months ago | Cyber Security Week In Review: July 21, 2023 |
| BankInfoSecurity | 10 months ago | JumpCloud Hackers Likely Targeting GitHub Accounts Too |
| CERT-EU | 10 months ago | North Korean Cyberspies Target GitHub Developers |
| DARKReading | 14 days ago | Asian Threat Actors Use New Techniques to Attack Familiar Targets |
| CERT-EU | 9 months ago | North Korean Hackers Exploit Zero-Day Bug to Target Cybersecurity Researchers |
| CERT-EU | 9 months ago | North Korean Affiliates Suspected in $40M Cryptocurrency Heist, FBI Warns |
| CERT-EU | 10 months ago | GitHub Warns of North Korean Social Engineering Attacks Targeting Tech Firm Employees |
| CERT-EU | 6 months ago | North Korean Hackers Pose as Job Recruiters and Seekers in Malware Campaigns |