Sapphire Sleet

Threat Actor updated 2 months ago (2024-09-10T04:18:19.764Z)
Sapphire Sleet is a North Korea-linked Advanced Persistent Threat (APT) group known for its malicious activities. As a threat actor, Sapphire Sleet has been identified as the entity behind the execution of actions with harmful intent. The group's operations are sophisticated and persistent, targeting specific organizations or individuals over extended periods to achieve their objectives. The cybersecurity industry has attributed various cyber-attacks to this group, highlighting its significant role in the global cyber threat landscape.

Recently, Sapphire Sleet has been found to target IT job seekers through deceptive tactics. They have created bogus skills assessment portals to lure unsuspecting individuals. These fraudulent platforms are designed to extract sensitive information from the victims, potentially leading to identity theft, financial loss, or further exploitation in more elaborate schemes. This new campaign indicates an evolution in Sapphire Sleet's strategies, demonstrating their adaptability and continuous threat to cybersecurity.

In addition to the recent attacks on IT job seekers, Sapphire Sleet has a history of targeting financial institutions, cryptocurrency businesses, and ATMs. This group is also known by other names such as Alluring Pisces and APT38, under which it has carried out numerous successful cyber-attacks. Given the group's track record and evolving tactics, it remains a significant concern for cybersecurity professionals and organisations worldwide.
Description last updated: 2024-09-10T03:19:00.126Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
| Alias Description | Votes |
| --- | --- |
| Bluenoroff is a possible alias for Sapphire Sleet. BlueNoroff, a threat actor group linked to North Korea, has been identified as the malicious entity behind several high-profile cyber-attacks. Since first making headlines with an attack on Sony Pictures in 2014, BlueNoroff and its parent group Lazarus have been involved in numerous notorious securi | 3 |
| APT38 is a possible alias for Sapphire Sleet. APT38, a threat actor suspected to be backed by the North Korean regime, has been responsible for some of the largest cyber heists observed to date. The group has conducted operations in over 16 organizations across at least 11 countries, primarily targeting financial institutions worldwide. Despite | 3 |
| Lazarus Group is a possible alias for Sapphire Sleet. The Lazarus Group, a notorious North Korean state-sponsored threat actor, is among the most prolific and dangerous cyber threat actors in operation. The group has been involved in several high-profile cyber-attacks, including Operation DreamJob in Spain, with the primary objective of funding North K | 2 |
| Cryptocore is a possible alias for Sapphire Sleet. CryptoCore, also known as UNC1069, is a threat actor linked to the North Korea-associated Advanced Persistent Threat (APT) group, Sapphire Sleet. This group, alternatively referred to as APT38, BlueNoroff, CageyChameleon, and CryptoCore, operates as a subgroup of the notorious Lazarus APT group. The | 2 |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Korean
Apt
Microsoft
Source Document References
Information about the Sapphire Sleet Threat Actor was read from the documents corpus below.

| Source | Created |
| --- | --- |
| Unit42 | 2 months ago |
| Securityaffairs | 3 months ago |
| Securityaffairs | 4 months ago |
| Securityaffairs | 4 months ago |
| Securityaffairs | 4 months ago |
| Securityaffairs | 4 months ago |
| Securityaffairs | 5 months ago |
| Securityaffairs | 5 months ago |
| Securityaffairs | 5 months ago |
| Securityaffairs | 5 months ago |
| Securityaffairs | 6 months ago |
| DARKReading | 6 months ago |
| Securityaffairs | 7 months ago |
| Securityaffairs | 7 months ago |
| Securityaffairs | 7 months ago |
| Securityaffairs | 8 months ago |
| Securityaffairs | 8 months ago |
| Securityaffairs | 8 months ago |
| Securityaffairs | 8 months ago |
| DARKReading | 8 months ago |