2024-09-23
Mandiant
Staying a Step Ahead: Mitigating the DPRK IT Worker Threat
#ITWorker
#UNC5267
UNC5267
"Mandiant tracks IT worker operations we have identified in various environments as UNC5267. UNC5267 remains highly active in the present day, posing an ongoing threat. Some sources suggest that the origins of these operations can be traced back to 2018. Importantly, UNC5267 is not a traditional, centralized threat group. IT workers consist of individuals sent by the North Korean government to live primarily in China and Russia, with smaller numbers in Africa and Southeast Asia. Their mission is to secure lucrative jobs within Western companies, especially those in the U.S. tech sector."
- Mandiant, https://cloud.google.com/blog/topics/threat-intelligence/mitigating-dprk-it-worker-threat
Also known as
Name | Named by | AKA | First seen | Last seen |
---|---|---|---|---|
FamousChollima | CrowdStrike | - | 2024-08-07 | 2024-10-29 |
NickelTapestry | SecureWorks | FamousChollima | 2024-10-16 | 2024-10-16 |
TenaciousPungsan | Datadog | FamousChollima | 2024-10-24 | 2024-10-24 |
UNC5267 | Mandiant | FamousChollima | 2024-09-23 | 2024-09-23 |