UNC1069

Nation: North Korea · 2 tracked threat(s) · Categories: SUPPLY_CHAIN

Also known as: BlueNoroff-linked, Sapphire Sleet, Stardust Chollima, CryptoCore, MASAN, CageyChameleon, BlueNoroff-adjacent, APT38, NICKEL GLADSTONE, BeagleBoyz, Bluenoroff, COPERNICIUM

Tracked threats

Axios npm Supply Chain Compromise (v1.14.1 / v0.30.4) Reaches OpenAI macOS Signing Pipeline, Forces Apple Certificate Rotation — DPRK UNC1069 / Sapphire Sleet WAVESHAPER.V2 — CRITICAL
UNC1069 Compromises Axios NPM Package in Supply Chain Attack Deploying WAVESHAPER.V2 Cross-Platform Backdoor — CRITICAL

Full actor intelligence — infrastructure, IOCs, detection coverage and operator fingerprints — is available via the Threadlinqs MCP server (Purple tier). View plans →

Threadlinqs Intelligence