Integrate expert-curated crypto & blockchain knowledge into your app with the upcoming IQ.wiki API.
UNC4736 (Citrine Sleet) – Milestones
Key milestones and important events in UNC4736 (Citrine Sleet)'s history.
Showing 5 milestones for UNC4736 (Citrine Sleet)
Drift Protocol Heist
After a six-month intelligence operation, the group executes an attack on Drift Protocol, stealing approximately $270 million in digital assets.
www.coindesk.com/markets/2026/04/05/drift-says-usd270-million-exploit-was-a-six-month-north-korean-intelligence-operationRadiant Capital Heist
The group executes a heist targeting Radiant Capital, a DeFi lending platform, resulting in the theft of approximately $50 million in cryptocurrency.
www.scworld.com/brief/north-korean-apt-blamed-for-radiant-capital-crypto-heistChromium Zero-Day Exploit Campaign
Microsoft reports on Citrine Sleet exploiting a zero-day vulnerability (CVE-2024-7971) in the Chromium browser engine to compromise targets in the crypto sector.
www.microsoft.com/en-us/security/blog/2024/08/30/north-korean-threat-actor-citrine-sleet-exploiting-chromium-zero-day/3CX Software Supply Chain Compromise Identified
Mandiant formally identifies UNC4736 as the group behind the double supply chain compromise of 3CX's VoIP software, initiated via a trojanized X_TRADER app.
attack.mitre.org/campaigns/C0057/Operation AppleJeus Campaign Begins
The 'Operation AppleJeus' campaign begins, marking a concerted effort by North Korean actors to target the cryptocurrency industry with trojanized applications.