UNC1069

Also known as: MASAN · CryptoCore · UNC1069

Origin: KP
Known aliases: 3

Profile

CryptoCore is a North Korean APT known for targeting cryptocurrency exchanges and financial institutions, employing spear-phishing techniques that lead to LONEJOGGER malware infections. The group has leveraged social engineering tactics, including deepfake technology and hijacked YouTube accounts, to execute sophisticated giveaway scams that deceive victims into sending cryptocurrencies. Their operations have involved the misuse of platforms like Gemini for reconnaissance and the development of fraudulent content. Additionally, CryptoCore has been linked to a variety of campaigns, including Dangerous Password and SnatchCrypto, focusing on financial gain through cryptocurrency theft.

Aliases · 3

MASAN · CryptoCore · UNC1069

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

Actor: UNC2970
Actor: UNC6691
Actor: UNC4736
Actor: UNC5342
Actor: CryptoChameleon
Actor: UNC6293

Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.