2025-04-24
Mandiant
M-Trends 2025: Data, Insights, and Recommendations From the Frontlines
#ITWorker
#Trend
#UNC1069
#UNC3782
#UNC4736
#UNC4899
#UNC5342
UNC1069
"UNC1069, active since at least April 2018, targets diverse industries for financial gain. The group uses social engineering, often posing as investors from reputable firms on Telegram. UNC1069 has relied on spearphishing and social engineering to gain initial access and has been observed sending fake meeting invites (sometimes via compromised Telegram accounts) to Web3 and cryptocurrency organizations to gain illicit access to digital assets and cryptocurrency."
- Mandiant, https://cloud.google.com/blog/topics/threat-intelligence/m-trends-2025/?hl=en
Also known as
| Name | Named by | AKA | First seen | Last seen |
|---|---|---|---|---|
| BlackAlicanto | PWC | CryptoCore | 2021-09-08 | 2023-04-12 |
| CryptoCore | Clearskysec | BlueNoroff | 2020-06-24 | 2021-05-24 |
| CryptoMimic | NTTSecurity | CryptoCore | 2020-09-30 | 2021-02-01 |
| LeeryTurtle | Cyberstruggle | CryptoCore | - | 2020-05-06 |
| TA444 | Proofpoint | CryptoCore | 2021-10-27 | 2024-01-04 |
| UNC1069 | Mandiant | CryptoCore | 2023-04-18 | 2025-04-24 |