UNC4899, a DPRK threat actor-lazarusholic

UNC4899

2023-07-24, Mandiant
North Korea Leverages SaaS Provider in a Targeted Supply Chain Attack

"UNC4899, a suspected DPRK-nexus threat actor active since 2022, employs sophisticated social engineering and accesses via supply chain compromise. In 2024, UNC4899 targeted cryptocurrency professionals on social media with job postings for a prominent firm and gained access to Web3 organizations to steal digital assets. UNC4899 has previously conducted supply chain compromises to likely gain arbitrary access for financial gain."

- Mandiant, https://cloud.google.com/blog/topics/threat-intelligence/m-trends-2025/?hl=en

Also known as

Name	Named by	AKA	First seen	Last seen
JadeSleet	Microsoft	TraderTraitor	2023-07-18	2024-10-15
PUKCHONG	Google	UNC4899	2024-06-12	2024-06-12
TraderTraitor	USCISA	BlueNoroff	2022-04-18	2025-04-22
UNC4899	Mandiant	TraderTraitor	2023-07-24	2025-04-24

Reports

2025-03-06
Safe.eth
Investigation Updates and Community Call to Action
#Bybit #SafeWallet #UNC4899

2025-02-12
Google
Cybercrime: A Multifaceted National Security Threat
#APT38 #APT43 #APT45 #ITWorker #Trend #UNC1069 #UNC3782 #UNC4899

2024-06-12
Google
Insights on Cyber Threats Targeting Users and Enterprises in Brazil
#PAEKTUSAN #AGAMEMNON #PUKCHONG #PRONTO #UNC4899 #Trend

2023-10-10
Mandiant
Assessed Cyber Structure and Alignments of North Korea in 2023
#Trend #APT38 #UNC1720 #APT43 #APT37 #UNC4899 #UNC614 #UNC1069 #TEMP.Hermit #UNC2226

2023-07-24
Mandiant
North Korea Leverages SaaS Provider in a Targeted Supply Chain Attack
#JumpCloud #UNC4899