UNC4736, a DPRK threat actor-lazarusholic

UNC4736

2023-04-11, Mandiant
Security Update Mandiant Initial Results

"UNC4736, a sophisticated North Korean threat actor, conducted a cascading software supply chain attack in 2022, compromising a trading software entity and subsequently causing a second supply chain compromise that affected at least nine other organizations. This group has relied on trojanized trading and cryptocurrency software to gain network access for financial gain. UNC4736 also targeted decentralized finance platforms in 2024."

- Mandiant, https://cloud.google.com/blog/topics/threat-intelligence/m-trends-2025/?hl=en

Also known as

Name	Named by	AKA	First seen	Last seen
CitrineSleet	Microsoft	Lazarus	2023-10-06	2025-03-27
GleamingPisces	PaloaltoNetworks	CitrineSleet	2024-09-09	2024-09-18
UNC4736	Mandiant	CitrineSleet	2023-04-11	2025-04-24
UTA0040	Volexity	UNC4736	2023-03-30	2023-03-30

Reports

2025-04-24
Mandiant
M-Trends 2025: Data, Insights, and Recommendations From the Frontlines
#ITWorker #Trend #UNC1069 #UNC3782 #UNC4736 #UNC4899 #UNC5342

2024-12-06
RadiantCapital
Radiant Capital Incident Update
#AppleJeus #RadiantCapital #UNC4736

2023-04-20
3CX
Mandiant Security Update – Initial Intrusion Vector
#SupplyChain #3CXDesktopApp #SmoothOperator #UNC4736 #X_Trader

2023-04-20
Mandiant
3CX Software Supply Chain Compromise Initiated by a Prior Software Supply Chain Compromise; Suspected North Korean Actor Responsible
#SupplyChain #UNC4736 #YARA #3CXDesktopApp #SmoothOperator #X_Trader #UNC4469 #UNC3782

2023-04-11
3CX
Security Update Mandiant Initial Results
#SupplyChain #YARA #UNC4736 #TAXHAUL #3CXDesktopApp #SmoothOperator