lazarusholic

Everyday is lazarus.dayβ

UNC4899

2023-07-24, Mandiant
North Korea Leverages SaaS Provider in a Targeted Supply Chain Attack
"UNC4899, a suspected DPRK-nexus threat actor active since 2022, employs sophisticated social engineering and accesses via supply chain compromise. In 2024, UNC4899 targeted cryptocurrency professionals on social media with job postings for a prominent firm and gained access to Web3 organizations to steal digital assets. UNC4899 has previously conducted supply chain compromises to likely gain arbitrary access for financial gain."

- Mandiant, https://cloud.google.com/blog/topics/threat-intelligence/m-trends-2025/?hl=en

Also known as

 
Name Named by AKA First seen Last seen
JadeSleet Microsoft TraderTraitor 2023-07-18 2024-10-15
PUKCHONG Google UNC4899 2024-06-12 2025-11-05
TraderTraitor USCISA BlueNoroff 2022-04-18 2026-05-18
UNC4899 Mandiant TraderTraitor 2023-07-24 2026-03-09

Reports

2026-03-09
Google
Cloud Threat Horizons Report H1 2026
#UNC4899 #UNC5267
2025-11-05
Google
GTIG AI Threat Tracker: Advances in Threat Actor Usage of AI Tools
#UNC1069 #UNC4899 #MASAN #PUKCHONG #Trend
2025-08-19
WooX
July 24th - Security incident post-mortem
#UNC4899 #WooX
2025-08-03
划水摸鱼
DRPK Threats to Web3 and Cryptocurrency
#UNC1069 #UNC1720 #UNC4899 #UNC5342 #UNC5267
2025-08-01
Google
Cloud threat horizons report H2 2025
#UNC4899 #Trend
2025-04-24
Mandiant
M-Trends 2025: Data, Insights, and Recommendations From the Frontlines
#ITWorker #Trend #UNC1069 #UNC3782 #UNC4736 #UNC4899 #UNC5342
2025-03-06
Safe.eth
Investigation Updates and Community Call to Action
#Bybit #SafeWallet #UNC4899
2025-02-12
Google
Cybercrime: A Multifaceted National Security Threat
#APT38 #APT43 #APT45 #ITWorker #Trend #UNC1069 #UNC3782 #UNC4899
2024-06-12
Google
Insights on Cyber Threats Targeting Users and Enterprises in Brazil
#PAEKTUSAN #AGAMEMNON #PUKCHONG #PRONTO #UNC4899 #Trend
2023-10-10
Mandiant
Assessed Cyber Structure and Alignments of North Korea in 2023
#Trend #APT38 #UNC1720 #APT43 #APT37 #UNC4899 #UNC614 #UNC1069 #TEMP.Hermit #UNC2226
2023-07-24
Mandiant
North Korea Leverages SaaS Provider in a Targeted Supply Chain Attack
#JumpCloud #UNC4899