UNC1069 — Threat Actor Profile, Campaigns & Targets

Threat entity extracted from intelligence sources

Frequency
32
occurrences
First Seen
November 7, 2025
Last Seen
June 6, 2026

UNC1069 is a apt_group tracked across 10 threat clusters and 32 intelligence report mentions on ThreatCluster. First observed November 7, 2025; most recent activity June 6, 2026.

Related Threat Clusters

  • North Korean Hackers Target macOS Users in Cryptocurrency Theft Campaign

    A sophisticated malware campaign targeting macOS users has been linked to North Korean threat group Sapphire Sleet. This operation focuses on cryptocurrency organizations, venture capital firms, and Web3 developers.…

    2 articles · Updated June 3, 2026
  • North Korean Group UNC1069 Behind Axios npm Supply Chain Attack

    On March 31, 2026, a supply chain attack targeting the Axios npm package was attributed to the North Korean cyber group UNC1069. This attack exploited vulnerabilities in the software supply chain, affecting numerous…

    5 articles · Updated April 1, 2026
  • North Korea's UNC1069 Targets Cryptocurrency Professionals with Fake Meetings

    A North Korea-linked threat actor, UNC1069, is executing a targeted campaign aimed at cryptocurrency and Web3 professionals. The attackers lure victims into fake Zoom, Google Meet, and Microsoft Teams meetings, where…

    2 articles · Updated April 20, 2026
  • North Korean Hackers Exploit Fake Microsoft Teams Domains for Malware Attacks

    Threat actors linked to North Korea, identified as UNC1069, are using fake Microsoft Teams domains to execute social engineering attacks and distribute malware. These attacks target corporate users by mimicking the…

    4 articles · Updated April 6, 2026
  • Mercor Cyberattack Linked to LiteLLM Supply Chain Compromise

    AI recruiting startup Mercor confirmed it was impacted by a supply chain attack linked to the LiteLLM project, which has affected thousands of organizations. The breach was attributed to the hacking group TeamPCP, with…

    30 articles · Updated April 1, 2026
  • Mini Shai-Hulud Supply Chain Attack Targets SAP npm Packages

    A new supply chain attack, dubbed 'Mini Shai-Hulud', has compromised multiple npm packages related to SAP's Cloud Application Programming Model (CAP). This attack involves injecting malicious preinstall scripts into…

    680 articles · Updated April 29, 2026
  • New Threat Actor JINX-0164 Targets Cryptocurrency Organizations

    A new threat actor, JINX-0164, has been identified targeting cryptocurrency firms using custom macOS malware and social engineering tactics. Active since mid-2025, the group employs fake recruiter approaches to gain…

    14 articles · Updated May 28, 2026
  • North Korean Hackers Steal $100K from Zerion Using AI Social Engineering

    Zerion, a DeFi crypto wallet provider, reported a theft of approximately $100,000 from its hot wallets due to an AI-enhanced social engineering attack linked to North Korean hackers. The attack, which targeted employee…

    5 articles · Updated April 15, 2026
  • Debate on AI SOC Agents and Security Outcomes

    The discussion around AI Security Operations Centers (SOCs) is evolving, with Gartner's report highlighting the mainstream recognition of AI's potential in enhancing SOC functions. However, critiques emphasize that…

    52 articles · Updated November 16, 2025
  • North Korean Hackers Use AI Deepfakes in Crypto Attacks

    Google's Mandiant security team reported that North Korean hackers, identified as UNC1069 or 'CryptoCore', are employing AI-generated deepfakes in fraudulent video meetings to target cryptocurrency companies. The…

    20 articles · Updated February 10, 2026

Recent Intelligence Reports

  • Threat Actors Target Crypto Orgs — www.wiz.io · June 6, 2026
  • North Korean APT Targets macOS to Steal Crypto Wallets and SSH Keys — Gbhackers · June 3, 2026
  • North Korean hackers target macOS users with advanced malware campaign — Cybernews · June 1, 2026
  • New Threat Actor Jinx — Infosecurity-Magazine · May 28, 2026
  • North Korea — Cybersecuritynews · April 20, 2026
  • North Korea — Gbhackers · April 20, 2026
  • North Korean Hackers Hit Zerion With AI Social Engineering Attack — Mexc · April 15, 2026
  • North Korean hackers use AI technology to conduct social engineering attacks against ... — Techflowpost · April 15, 2026

CVSS v3.1 Breakdown