UNC4899

Threat Actor Profile Updated 3 months ago
UNC4899, also tracked as TraderTraitor and Jade Sleet, is a threat actor that Google's Mandiant attributes to North Korea and that focuses on cryptocurrency-related targets. The group operates under North Korea's Reconnaissance General Bureau (RGB) and primarily targets blockchain companies through spear-phishing messages. It has been suggested that UNC4899 may be a successor to APT38, another North Korean group.

UNC4899 gained notoriety following a series of intrusions, including a significant compromise of JumpCloud in late June 2023; Mandiant's investigation attributed those intrusions to the group. Its operators rely heavily on spear-phishing to obtain unauthorized access to systems and data, and have shown a high level of skill and persistence, making them a serious threat to organizations in the cryptocurrency sector.

In summary, UNC4899 is a North Korean state-sponsored threat actor that poses a significant risk to cryptocurrency and blockchain companies. Its successful attacks, such as the JumpCloud compromise in June 2023, underline the group's capabilities and the damage it can inflict. Organizations in this sector are advised to remain vigilant and to adopt robust security controls against the threat this group poses.
Possible Aliases / Cluster Overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so here are some possibly overlapping names and profiles you may also want to look at.

ID: APT38 (Votes: 1)
Profile Description: APT38, also known as TA444, BlueNoroff, BlackAlicanto, Coperenicum, Sapphire Sleet, Stardust Chollima, and TraderTraitor, is a threat actor group suspected to be backed by the North Korean regime. The group has been active in operations across over 16 organizations in at least 11 countries, primaril

ID: TraderTraitor (Votes: 1)
Profile Description: TraderTraitor, also known as Lazarus Group or APT38, is a threat actor attributed to the North Korean government. This group has been linked by the FBI to several recent cyberattacks on cryptocurrency platforms, with hundreds of millions of dollars in cryptocurrency stolen. The attacks share similar

ID: Jade Sleet (Votes: 1)
Profile Description: Jade Sleet, also known as TraderTraitor and UNC4899, is a North Korean state-sponsored threat actor primarily targeting personal GitHub user accounts connected to the blockchain, cryptocurrency, and online gambling sectors. Their activities support Pyongyang's objectives, with GitHub expressing "hig
Miscellaneous Associations
Other elements of context that could aid in judging relevance: Reconnaissance, Phishing, Mandiant
Associated Malware
No associations to display
Associated Threat Actors

ID: RGB (Type: Unspecified, Votes: 1)
Profile Description: RGB, a threat actor with ties to North Korea, has been involved in a range of malicious cyber activities. The group was designated by the Office of Foreign Assets Control (OFAC) on January 2, 2015, under Executive Order 13687 for being a controlled entity of the North Korean government. In addition

ID: Reconnaissance General Bureau (Type: Unspecified, Votes: 1)
Profile Description: The Reconnaissance General Bureau (RGB) is a North Korean intelligence agency responsible for clandestine operations abroad, including cyber activities. The RGB has been associated with several threat actors, including the BeagleBoyz, who have likely been active since at least 2014. Other groups lin

ID: Reconnaissance General Bureau RGB (Type: Unspecified, Votes: 1)
Profile Description: The Reconnaissance General Bureau (RGB) is a North Korean military intelligence agency identified as a threat actor responsible for various cyberattacks. RGB is associated with hacking groups known as the "Lazarus Group," "Bluenoroff," and "Andariel," which are recognized as agencies or controlled e
Associated Vulnerabilities
No associations to display
Source Document References
Information about the UNC4899 threat actor was read from the document corpus below. This display is limited to 20 results.

Source: CERT-EU | Created: 8 months ago | Title: North Korean Hackers Pose as Job Recruiters and Seekers in Malware Campaigns
Source: CERT-EU | Created: a year ago | Title: North Korean Affiliates Suspected in $40M Cryptocurrency Heist, FBI Warns
Source: CERT-EU | Created: a year ago | Title: North Korean Cyber Group Suspected in JumpCloud Breach
Source: BankInfoSecurity | Created: 9 months ago | Title: Researchers: North Korean Hackers Gain Speed, Flexibility
Source: CERT-EU | Created: a year ago | Title: Latest North Korean hack targeting cryptocurrency shows troubling evolution, experts say