lazarusholic

Everyday is lazarus.dayβ

UNC5267

2024-09-23, Mandiant
Staying a Step Ahead: Mitigating the DPRK IT Worker Threat
"Mandiant tracks IT worker operations we have identified in various environments as UNC5267. UNC5267 remains highly active in the present day, posing an ongoing threat. Some sources suggest that the origins of these operations can be traced back to 2018. Importantly, UNC5267 is not a traditional, centralized threat group. IT workers consist of individuals sent by the North Korean government to live primarily in China and Russia, with smaller numbers in Africa and Southeast Asia. Their mission is to secure lucrative jobs within Western companies, especially those in the U.S. tech sector."

- Mandiant, https://cloud.google.com/blog/topics/threat-intelligence/mitigating-dprk-it-worker-threat

Also known as

 
| Name | Named by | AKA | First seen | Last seen |
|---|---|---|---|---|
| FamousChollima | CrowdStrike | - | 2024-08-07 | 2024-10-29 |
| NickelTapestry | SecureWorks | FamousChollima | 2024-10-16 | 2024-10-16 |
| TenaciousPungsan | Datadog | FamousChollima | 2024-10-24 | 2024-10-24 |
| UNC5267 | Mandiant | FamousChollima | 2024-09-23 | 2024-09-23 |

Reports