lazarusholic

Everyday is lazarus.dayβ

UNC1069

2023-04-18, Mandiant
M-Trends 2023: Cybersecurity Insights From the Frontlines
"UNC1069, active since at least April 2018, targets diverse industries for financial gain. The group uses social engineering, often posing as investors from reputable firms on Telegram. UNC1069 has relied on spearphishing and social engineering to gain initial access and has been observed sending fake meeting invites (sometimes via compromised Telegram accounts) to Web3 and cryptocurrency organizations to gain illicit access to digital assets and cryptocurrency."

- Mandiant, https://cloud.google.com/blog/topics/threat-intelligence/m-trends-2025/?hl=en

Also known as

 
Name Named by AKA First seen Last seen
BlackAlicanto PWC CryptoCore 2021-09-08 2023-04-12
CryptoCore Clearskysec BlueNoroff 2020-06-24 2025-10-22
CryptoMimic NTTSecurity CryptoCore 2020-09-30 2021-02-01
LeeryTurtle Cyberstruggle CryptoCore - 2020-05-06
MASAN Google UNC1069 2025-11-06 2025-11-05
TA444 Proofpoint CryptoCore 2021-10-27 2026-04-01
UNC1069 Mandiant CryptoCore 2023-04-18 2026-05-19

Reports

2026-05-19
OSM
Axios attacker strikes again! Three NPM packages have been hiding in plain sight for two months
#Axios #NPM #UNC1069
2026-04-18
FalconFeeds
UNC1069: DPRK’s Deepfake-Driven Cyber Campaign Targeting Crypto and Software Supply Chains
#UNC1069 #Deepfake
2026-04-14
Validin
"Hello? I can’t hear you": Investigating UNC1069’s Fake Meeting Tactics
#CabbageRAT #ClickFix #UNC1069
2026-04-08
SecurityAlliance
Advisory on DPRK (UNC1069) Fake Microsoft Teams and Zoom calls
#UNC1069
2026-04-06
PolySwarm
The Axios Breach: When npm Trust Becomes an APT Attack Vector
#Axios #NPM #UNC1069
2026-04-01
CybersecSentinel
Axios npm Backdoored: UNC1069 Deploys Cross-Platform RAT via Supply Chain Attack
#Axios #NPM #UNC1069
2026-04-01
Google
North Korea-Nexus Threat Actor Compromises Widely Used Axios NPM Package in Supply Chain Attack
#Axios #NPM #UNC1069 #WAVESHAPER
2026-03-02
Moonlock
Fake VCs target crypto talent
#ClickFix #UNC1069
2026-02-20
PolySwarm
UNC1069 Uses New Tools to Target Crypto Entities
#ClickFix #UNC1069
2026-02-10
Google
UNC1069 Targets Cryptocurrency Sector with New Tooling and AI-Enabled Social Engineering
#UNC1069 #ClickFix #Cryptocurrency #WAVESHAPER
2025-11-05
Google
GTIG AI Threat Tracker: Advances in Threat Actor Usage of AI Tools
#UNC1069 #UNC4899 #MASAN #PUKCHONG #Trend
2025-08-03
划水摸鱼
DRPK Threats to Web3 and Cryptocurrency
#UNC1069 #UNC1720 #UNC4899 #UNC5342 #UNC5267
2025-04-24
Mandiant
M-Trends 2025: Data, Insights, and Recommendations From the Frontlines
#ITWorker #Trend #UNC1069 #UNC3782 #UNC4736 #UNC4899 #UNC5342
2025-02-12
Google
Cybercrime: A Multifaceted National Security Threat
#APT38 #APT43 #APT45 #ITWorker #Trend #UNC1069 #UNC3782 #UNC4899
2023-10-10
Mandiant
Assessed Cyber Structure and Alignments of North Korea in 2023
#Trend #APT38 #UNC1720 #APT43 #APT37 #UNC4899 #UNC614 #UNC1069 #TEMP.Hermit #UNC2226
2023-04-18
Mandiant
M-Trends 2023: Cybersecurity Insights From the Frontlines
#Trend #UNC4369 #UNC1069 #UNC1758 #UNC4131