Cyber Resilience


AppleJeus · G1049 · state

🇰🇵 KP

aka AppleJeus, Gleaming Pisces, Citrine Sleet, UNC1720, UNC4736

Last updated: 2026-07-03

0 attributed CVEs
2 ATT&CK techniques
0.0 IDF score (tooling uniqueness)
0 exclusive CVEs
years active

About this actor

[AppleJeus](https://attack.mitre.org/groups/G1049) is a North Korean state-sponsored threat group attributed to the Reconnaissance General Bureau. Associated with the broader [Lazarus Group](https://attack.mitre.org/groups/G0032) umbrella of actors, [AppleJeus](https://attack.mitre.org/groups/G1049) has been active since at least 2018 and is closely aligned in resources with TEMP.hermit, another DPRK-affiliated group under the same umbrella. (Citation: dtex DPRK 2025 structure ITworkers) The group’s primary mission is to generate and launder revenue to provide financial support to the government. [AppleJeus](https://attack.mitre.org/groups/G1049) primarily targets the cryptocurrency industry and is most notably responsible for the [3CX Supply Chain Attack](https://attack.mitre.org/campaigns/C0057). (Citation: Mandiant 3cx UNC4736 2023) The group traditionally deploys malicious cryptocurrency software in combination with [Phishing](https://attack.mitre.org/techniques/T1566). From these compromised environments, it selectively deploys additional backdoors to enable extended operations against high-value financial targets. (Citation: Mandiant DPRK Groups 2023) (Citation: JPCert Blog Laz Subgroups 2025)

Source: MITRE ATT&CK

Activity timeline

No activity events recorded.

Profile

| CVE | Risk | CVSS | EPSS | Published | Products |
|---|---|---|---|---|---|

No attributed CVEs.

Mitigating controls (NIST 800-53)

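| Control | Techniques covered | Coverage |
|---|---|---|
| AC-4 | 1 / 2 | 50% |
| AC-5 | 1 / 2 | 50% |
| AC-6 | 1 / 2 | 50% |
| CA-7 | 1 / 2 | 50% |
| CM-2 | 1 / 2 | 50% |
| CM-6 | 1 / 2 | 50% |
| IA-9 | 1 / 2 | 50% |
| RA-5 | 1 / 2 | 50% |
| SC-20 | 1 / 2 | 50% |
| SC-44 | 1 / 2 | 50% |
| SC-7 | 1 / 2 | 50% |
| SI-2 | 1 / 2 | 50% |
| SI-3 | 1 / 2 | 50% |
| SI-4 | 1 / 2 | 50% |
| SI-8 | 1 / 2 | 50% |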

Co-occurring actors

None.

Similar actors