UNC1069 is a apt_group tracked across 10 threat clusters and 32 intelligence report mentions on ThreatCluster. First observed November 7, 2025; most recent activity June 6, 2026.
A sophisticated malware campaign targeting macOS users has been linked to North Korean threat group Sapphire Sleet. This operation focuses on cryptocurrency organizations, venture capital firms, and Web3 developers.…
On March 31, 2026, a supply chain attack targeting the Axios npm package was attributed to the North Korean cyber group UNC1069. This attack exploited vulnerabilities in the software supply chain, affecting numerous…
A North Korea-linked threat actor, UNC1069, is executing a targeted campaign aimed at cryptocurrency and Web3 professionals. The attackers lure victims into fake Zoom, Google Meet, and Microsoft Teams meetings, where…
Threat actors linked to North Korea, identified as UNC1069, are using fake Microsoft Teams domains to execute social engineering attacks and distribute malware. These attacks target corporate users by mimicking the…
AI recruiting startup Mercor confirmed it was impacted by a supply chain attack linked to the LiteLLM project, which has affected thousands of organizations. The breach was attributed to the hacking group TeamPCP, with…
A new supply chain attack, dubbed 'Mini Shai-Hulud', has compromised multiple npm packages related to SAP's Cloud Application Programming Model (CAP). This attack involves injecting malicious preinstall scripts into…
A new threat actor, JINX-0164, has been identified targeting cryptocurrency firms using custom macOS malware and social engineering tactics. Active since mid-2025, the group employs fake recruiter approaches to gain…
Zerion, a DeFi crypto wallet provider, reported a theft of approximately $100,000 from its hot wallets due to an AI-enhanced social engineering attack linked to North Korean hackers. The attack, which targeted employee…
The discussion around AI Security Operations Centers (SOCs) is evolving, with Gartner's report highlighting the mainstream recognition of AI's potential in enhancing SOC functions. However, critiques emphasize that…
Google's Mandiant security team reported that North Korean hackers, identified as UNC1069 or 'CryptoCore', are employing AI-generated deepfakes in fraudulent video meetings to target cryptocurrency companies. The…