Sapphire Sleet

Threat Actor Profile Updated 9 days ago
Download STIX
Preview STIX
Sapphire Sleet is a threat actor, or malicious entity, that is linked to North Korea. This group has been identified as an Advanced Persistent Threat (APT), known for executing sophisticated and continuous cyberattacks. Sapphire Sleet has been particularly active in targeting IT job seekers through fraudulent skills assessment portals, as reported by multiple sources. The group's modus operandi involves creating bogus skills assessment portals that appear legitimate to unsuspecting IT job seekers. Once individuals interact with these portals, their personal information becomes vulnerable to exploitation. This tactic not only allows the group to gather sensitive data but also potentially provides them with a gateway to infiltrate more secure networks and systems, leveraging the credentials of these IT professionals. In addition to this, Sapphire Sleet has a track record of targeting executives and developers at cryptocurrency, venture capital, and other financial organizations. Microsoft has tracked numerous small yet frequent cryptocurrency theft operations conducted by this threat actor. The group's activities pose significant cybersecurity risks to both individuals and organizations within the IT and financial sectors.
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
APT38
2
APT38, also known as TA444, BlueNoroff, BlackAlicanto, Coperenicum, Sapphire Sleet, Stardust Chollima, and TraderTraitor, is a threat actor group suspected to be backed by the North Korean regime. The group has been active in operations across over 16 organizations in at least 11 countries, primaril
Lazarus Group
2
The Lazarus Group, a notorious threat actor believed to be linked to North Korea, has been attributed with a series of significant cyber-attacks over the past few years. The group's malicious activities include the exploitation of digital infrastructure, stealing cryptocurrency, and executing large-
Cryptocore
2
CryptoCore, also known as UNC1069, is a threat actor linked to the North Korea-associated Advanced Persistent Threat (APT) group, Sapphire Sleet. This group, alternatively referred to as APT38, BlueNoroff, CageyChameleon, and CryptoCore, operates as a subgroup of the notorious Lazarus APT group. The
Bluenoroff
2
BlueNoroff, a threat actor closely associated with the notorious Lazarus Group, has been actively involved in malicious cyber activities primarily targeting financial institutions and cryptocurrency businesses. Known for its sophisticated attacks on banks, casinos, fintech companies, POST software,
Stardust Chollima
1
Stardust Chollima is a recognized threat actor in the cybersecurity industry, primarily known for its malicious activities aimed at acquiring funds. This group has been linked to various high-profile cyber-attacks and fraudulent activities since 2015. Stardust Chollima has been associated with the f
TA444
1
TA444, also known as BlueNoroff, APT28, Nickel Gladstone, Sapphire Sleet, Stardust Chollima, and other monikers, is a prolific North Korean state-backed threat actor known for its malicious cyber activities. The group has been continuously generating proprietary malware, distinguishing it from other
Cageychameleon
1
None
HIDDEN COBRA
1
Hidden Cobra, also known as the Lazarus Group and Sapphire Sleet, is a North Korean cyberespionage group that has been active since at least 2009. The U.S. Government uses the term Hidden Cobra to refer to malicious cyber activities by the North Korean government, with the BeagleBoyz representing a
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Apt
Microsoft
Korean
Phishing
Malware
UAE
Gbhackers
Linkedin
Github
State Sponso...
Cybercrime
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the Sapphire Sleet Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
Securityaffairs
2 days ago
Security Affairs Malware Newsletter - Round 3
Securityaffairs
2 days ago
Security Affairs Malware Newsletter - Round 3
Securityaffairs
9 days ago
Security Affairs Malware Newsletter - Round 2
Securityaffairs
16 days ago
Security Affairs Malware Newsletter - Round 1
Securityaffairs
23 days ago
Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs
a month ago
Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs
a month ago
Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs
2 months ago
Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION
DARKReading
2 months ago
Asian Threat Actors Use New Techniques to Attack Familiar Targets
Securityaffairs
3 months ago
Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs
3 months ago
Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs
3 months ago
Security Affairs newsletter Round 467 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs
4 months ago
Security Affairs newsletter Round 466 by Pierluigi Paganini
Securityaffairs
4 months ago
Security Affairs newsletter Round 465 by Pierluigi Paganini
Securityaffairs
4 months ago
Security Affairs newsletter Round 464 by Pierluigi Paganini
Securityaffairs
4 months ago
Security Affairs newsletter Round 463 by Pierluigi Paganini
DARKReading
4 months ago
150K+ UAE Network Devices & Apps Exposed Online
Securityaffairs
4 months ago
Security Affairs newsletter Round 462 by Pierluigi Paganini
Securityaffairs
5 months ago
Security Affairs newsletter Round 461 by Pierluigi Paganini
Securityaffairs
5 months ago
Security Affairs newsletter Round 460 by Pierluigi Paganini