G0082 - DPRK Threat Actor | lazarus.day

G0082

2019-01-29 • MITRE • APT38

40

Related Actors
222

Related Reports

Related Actors

Jade Sleet

Microsoft

Trader Traitor

First seen: Jul 2023

Last seen: Oct 2024

Trader Traitor

USCISA

Bluenoroff

First seen: Apr 2022

Last seen: May 2026

UNC4899

Mandiant

Trader Traitor

First seen: Jul 2023

Last seen: Mar 2026

T-APT-15

Tencent

Bluenoroff

First seen: Mar 2018

Last seen: Mar 2018

APT38

Mandiant

Bluenoroff

First seen: Oct 2018

Last seen: Nov 2025

Beagle Boyz

USCISA

Bluenoroff

First seen: Aug 2020

Last seen: Mar 2021

Black Alicanto

PWC

Crypto Core

First seen: Sep 2021

Last seen: Apr 2023

Black Dev2

PWC

Bluenoroff

First seen: Sep 2021

Last seen: Apr 2023

Bluenoroff

Kaspersky

First seen: Apr 2017

Last seen: May 2026

Copernicium

Microsoft

APT38

First seen: Nov 2022

Last seen: Nov 2022

UNC785

Mandiant

TEMP.Hermit

First seen: Mar 2023

Last seen: Mar 2023

Crypto Core

Clearskysec

Bluenoroff

First seen: Jun 2020

Last seen: Oct 2025

Crypto Mimic

NTTSecurity

Crypto Core

First seen: Sep 2020

Last seen: Feb 2021

UNC786

Mandiant

TEMP.Hermit

First seen: Mar 2023

Last seen: Mar 2023

PUKCHONG

Google

UNC4899

First seen: Jun 2024

Last seen: Nov 2025

Leery Turtle

Cyberstruggle

Crypto Core

First seen: May 2020

Last seen: May 2020

Nickel Gladstone

Secure Works

Bluenoroff

First seen: Jun 2021

Last seen: Jun 2021

Dark River

Ptsecurity

Jade Sleet

First seen: Sep 2023

Last seen: Sep 2023

Slow Pisces

Paloalto Networks

Jade Sleet

First seen: Jun 2024

Last seen: Apr 2025

Alluring Pisces

Paloalto Networks

Bluenoroff

First seen: Sep 2024

Last seen: Feb 2025

TA444

Proofpoint

Crypto Core

First seen: Jan 2023

Last seen: Apr 2026

TEMP.Hermit

Fireeye

Bluenoroff

First seen: Mar 2023

Last seen: May 2025

Red Carpet

KRCERT

Bluenoroff

Sector A06

NSHC

Bluenoroff

First seen: Mar 2020

Last seen: Feb 2025

Stardust Chollima

Crowd Strike

Bluenoroff

First seen: Feb 2018

Last seen: Jun 2026

UNC4034

Mandiant

TEMP.Hermit

First seen: Sep 2022

Last seen: Nov 2022

UNC577

Mandiant

TEMP.Hermit

First seen: Mar 2023

Last seen: Mar 2023

UNC2970

Mandiant

TEMP.Hermit

First seen: Mar 2023

Last seen: Feb 2026

MASAN

Google

UNC1069

First seen: Nov 2025

Last seen: Nov 2025

CTG-6459

Secure Works

Nickel Gladstone

First seen: Jun 2021

Last seen: Jun 2021

Pressure Chollima

Crowd Strike

Jade Sleet

First seen: Jan 2026

Last seen: May 2026

Putrid Slug

Cloudflare

Bluenoroff

First seen: Mar 2026

Last seen: Mar 2026

Sapphire Sleet

Microsoft

Copernicium

First seen: Apr 2023

Last seen: Jun 2026

JINX-0164

Wiz

Sapphire Sleet

First seen: May 2026

Last seen: May 2026

Storm-0954

Microsoft

Jade Sleet

First seen: Apr 2023

Last seen: Apr 2023

TAG-71

Recorded Future

Bluenoroff

First seen: Jun 2023

Last seen: Jan 2024

UNC1069

Mandiant

Crypto Core

First seen: Apr 2023

Last seen: May 2026

UNC1758

Mandiant

TEMP.Hermit

First seen: Mar 2023

Last seen: Apr 2023

ATK117

Thales Group

APT38

First seen: Oct 2019

Last seen: May 2022

REF9135

Elastic

Bluenoroff

First seen: Jun 2023

Last seen: Jun 2023

Related Reports in This Cluster

Top Authors

View G0082 reports only

2026-06-17

Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet

#SapphireSleet #Mastra #NPM #SupplyChain #T1195.002 #T1059.007 #T1059.001 #T1105 #T1071.001 #T1547.001 #T1543.003 #T1055 #T1562.001 #T1027

2026-06-09

Crowd Strike

CrowdStrike 2026 Report: China Fuels Attacks on Tech

#FamousChollima #LabyrinthChollima #StardustChollima #Trend

2026-05-29

SOCRadar

April 2026: ShinyHunters Hits Medtronic and ADT as North Korean Hackers Drain DeFi Protocols

#Lazarus #TraderTraitor #UNC1069 #DriftProtocol #KelpDAO #Axios #NPM #SupplyChain #WAVESHAPER #Trend

2026-05-28

Levelblue

Sapphire Sleet Targets macOS in Multi-Stage Intrusion Campaign

#SapphireSleet #Bluenoroff #UNC1069 #macOS #Cryptocurrency #Phishing #T1059.002 #T1059.004 #T1105 #T1005 #T1560 #T1041 #T1543.004

2026-05-27

Wiz

Commit to Compromise: A New Threat Actor Targeting the Cryptocurrency Industry's Software Development Infrastructure

#macOS #T1566 #T1195.002 #T1059.004 #T1547 #T1552 #T1555 #T1056.001 #T1105 #T1059 #JINX-0164 #Suspicious #T1480.001

2026-05-21

Ahnlab

2026년 4월 국내외 금융권 관련 보안 이슈

#Andariel #Bluenoroff #GeniexLoader #WGear

2026-05-19

OSM

Axios attacker strikes again! Three NPM packages have been hiding in plain sight for two months

#Axios #NPM #UNC1069

2026-05-18

Layer Zero

LayerZero Labs KelpDAO Incident Report

#KelpDAO #TraderTraitor

2026-05-14

Crowd Strike

CrowdStrike 2026 Financial Services Threat Landscape Report: North Korean Adversaries Steal Billions in Digital Assets

#PressureChollima #GoldenChollima #FamousChollima #StardustChollima

2026-04-28

Recorded Future

Lazarus Doesn't Need AGI

#Lazarus #TraderTraitor

2026-04-27

Arctic Wolf

BlueNoroff Uses ClickFix, Fileless PowerShell, and AI-Generated Fake Zoom Meetings to Target Web3 Sector

#Bluenoroff #ClickFix #Fileless

2026-04-20

Layer Zero

KelpDAO Incident Statement

#KelpDAO #TraderTraitor

2026-04-18

Falcon Feeds

UNC1069: DPRK’s Deepfake-Driven Cyber Campaign Targeting Crypto and Software Supply Chains

#UNC1069 #Deepfake

2026-04-16

Microsoft

Dissecting Sapphire Sleet’s macOS intrusion from lure to compromise

#SapphireSleet #macOS

2026-04-14

Validin

"Hello? I can’t hear you": Investigating UNC1069’s Fake Meeting Tactics

#CabbageRAT #ClickFix #UNC1069

1
2
3
»
15

View G0082 reports only