Threat actor · all actors
AppleJeusG1049 state
🇰🇵 KP
aka AppleJeus, Gleaming Pisces, Citrine Sleet, UNC1720, UNC4736
Last updated: 2026-07-03
About this actor
[AppleJeus](https://attack.mitre.org/groups/G1049) is a North Korean state-sponsored threat group attributed to the Reconnaissance General Bureau. Associated with the broader [Lazarus Group](https://attack.mitre.org/groups/G0032) umbrella of actors, [AppleJeus](https://attack.mitre.org/groups/G1049) has been active since at least 2018 and is closely aligned in resources with TEMP.hermit, another DPRK-affiliated group under the same umbrella.(Citation: dtex DPRK 2025 structure ITworkers) The group’s primary mission is to generate and launder revenue to provide financial support to the government. [AppleJeus](https://attack.mitre.org/groups/G1049) primarily targets the cryptocurrency industry and is most notably responsible for the [3CX Supply Chain Attack](https://attack.mitre.org/campaigns/C0057).(Citation: Mandiant 3cx UNC4736 2023) The group traditionally deploys malicious cryptocurrency software in combination with [Phishing](https://attack.mitre.org/techniques/T1566). From these compromised environments, it selectively deploys additional backdoors to enable extended operations against high-value financial targets.(Citation: Mandiant DPRK Groups 2023)(Citation: JPCert Blog Laz Subgroups 2025)
Source: MITRE ATT&CK
Activity timeline
No activity events recorded.
Profile
| CVE | Risk | CVSS | EPSS | Published | Products |
|---|---|---|---|---|---|
| No attributed CVEs. | |||||
Mitigating controls (NIST 800-53)
| Control | Techniques covered | Coverage |
|---|---|---|
AC-4 | 1 / 2 | 50% |
AC-5 | 1 / 2 | 50% |
AC-6 | 1 / 2 | 50% |
CA-7 | 1 / 2 | 50% |
CM-2 | 1 / 2 | 50% |
CM-6 | 1 / 2 | 50% |
IA-9 | 1 / 2 | 50% |
RA-5 | 1 / 2 | 50% |
SC-20 | 1 / 2 | 50% |
SC-44 | 1 / 2 | 50% |
SC-7 | 1 / 2 | 50% |
SI-2 | 1 / 2 | 50% |
SI-3 | 1 / 2 | 50% |
SI-4 | 1 / 2 | 50% |
SI-8 | 1 / 2 | 50% |
Co-occurring actors
None.
Similar actors
Similar TTPs
- APT30 0.20
- Water Galura 0.20
- SilverTerrier 0.17
- Pikabot Distribution February 2024 0.14
- TA459 0.11
Same nation-state
- Operation Dream Job 1.00
- 3CX Supply Chain Attack 1.00
- Lazarus Group 1.00
- APT37 1.00
- APT38 1.00
Same category
- Night Dragon 1.00
- FunnyDream 1.00
- C0011 1.00
- Operation Wocao 1.00
- Operation Dream Job 1.00