Security alert: social engineering campaign targets technology industry employees
2023-07-18 • GitHub
GitHub has identified a low-volume social engineering campaign that targets the personal accounts of employees of technology firms. Many of these targeted accounts are connected to the blockchain, cryptocurrency, or online gambling sectors. We assess with high confidence that this campaign is associated with a group operating in support of North Korean objectives, known as Jade Sleet by Microsoft Threat Intelligence and TraderTraitor by the U.S. Jade Sleet mostly targets users associated with cryptocurrency and other blockchain-related organizations, but also targets vendors used by those firms.
Indicators of Compromise
| Type | Value | First Seen | Last Seen |
|---|---|---|---|
| DOMAIN | npmaudit.com | 2023-07-18 | 2023-08-02 |
| DOMAIN | cryptopriceoffer.com | 2023-07-18 | 2023-08-02 |
| DOMAIN | coingeckoprice.com | 2023-07-18 | 2023-08-02 |
| DOMAIN | npmjscloud.com | 2023-07-18 | 2023-08-02 |
| DOMAIN | tradingprice.net | 2023-06-23 | 2023-08-02 |
| DOMAIN | npmrepos.com | 2023-06-23 | 2023-08-02 |
| DOMAIN | bi2price.com | 2023-06-23 | 2023-08-02 |
| DOMAIN | npmjsregister.com | 2023-06-23 | 2023-08-02 |